
I have developed a .NET 3.5 Windows Forms application. I also want to design a website that has a web service with several web methods that query a database on the host. I want the web service to be callable only from my WinApp and my website! I don't want anyone else to be able to call and use my web service, only the people who have access to the Windows application I developed.

For this I need a good security scheme! I would really appreciate anyone who can help me, because this is my first experience developing a web service and I really need it to be as secure as I described!

1 Answer

What you're talking about is going to be difficult to do for several reasons, but primarily this:

If you put anything in code on your WinForms app, it can be decompiled very easily. You can obfuscate the code all you like, but it can be de-compiled.

Because of that, any code that you have in your app can be read by anyone with access to the code. You should always treat any WinForms app as if it's completely compromised, and ensure that the security at the server end compensates.

Because of this, you can't simply store usernames and passwords in configuration files or in code. You have to come up with something else. You CAN use authentication and prompt the user to enter a username/password on program launch, and use that. However, people tend to share these things, so you may want to go for extra protection.

You can put the connection info or secrets into the app.config and encrypt it, but anyone who can de-compile the code can recompile it and add code to decrypt it at will.

You can provide signed keys with your app, and use that in an authentication mechanism, but that can be bypassed.

You can restrict your IP address to specific IP addresses, but those can be spoofed.

However...

By layering all of the above techniques, you can make it difficult for an attacker to bypass your precautions. We did the following in one of our apps where we had a similar requirement:

  • We set up a database that holds a GUID record for each authorized customer, and IP addresses allowed for that customer.
  • Every web method expects a CustomerKey parameter (the GUID mentioned above). Each call to a web service checks the key against the IP address.
    • If it matches, valid data is returned.
    • If it fails, valid looking data is returned. We actually return what looks like good data, but it's really not. This makes it harder for an attacker to know if they've actually broken through the defenses.
  • In the WinForms app, the key is stored in the app.config, which is encrypted in the main() event (the entry point for WinForms apps). This is to prevent the casual reader from accessing it.
  • The program is launched automatically on install, so that the encryption happens at startup, to minimize the chance someone can read the file before it's encrypted.
  • Also, the code is obfuscated.

Layering the defenses, hopefully, will discourage the average attacker.

Microsoft has some guidelines as well: http://msdn.microsoft.com/en-us/library/ff648643.aspx

answered 2012-08-15T21:27:50.453
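The server-side part of the scheme in the answer above (a per-customer GUID checked against an IP allow-list, real data on a match, plausible decoy data otherwise) as an added C# example for an ASMX web service on .NET 3.5. This is not the answerer's code; the connection-string name `MainDb`, the tables `CustomerAllowedIp` and `Orders`, the `OrderSummary` type, the service namespace and the method name `GetRecentOrders` are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;
using System.Web.Services;

// Row returned to the client. Public type with a parameterless constructor so ASMX can XML-serialise it.
public class OrderSummary
{
    public int OrderId { get; set; }
    public DateTime OrderedOn { get; set; }
    public decimal Total { get; set; }
}

[WebService(Namespace = "http://example.invalid/customer-api")]   // assumed namespace
public class CustomerService : WebService
{
    // Connection-string name and table names below are assumptions for this example.
    private static string ConnString
    {
        get { return ConfigurationManager.ConnectionStrings["MainDb"].ConnectionString; }
    }

    // The check the answer describes: the GUID must exist and the caller's IP must be on
    // that customer's allow-list. Both values go in as parameters, so the client-supplied
    // key can never change the SQL text itself.
    private static bool IsAuthorized(Guid customerKey, string callerIp)
    {
        using (SqlConnection conn = new SqlConnection(ConnString))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT COUNT(*) FROM CustomerAllowedIp WHERE CustomerKey = @key AND IpAddress = @ip", conn))
        {
            cmd.Parameters.Add("@key", SqlDbType.UniqueIdentifier).Value = customerKey;
            cmd.Parameters.Add("@ip", SqlDbType.VarChar, 45).Value = callerIp;
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    private static List<OrderSummary> RealOrders(Guid customerKey)
    {
        List<OrderSummary> rows = new List<OrderSummary>();
        using (SqlConnection conn = new SqlConnection(ConnString))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT TOP 20 OrderId, OrderedOn, Total FROM Orders WHERE CustomerKey = @key ORDER BY OrderedOn DESC", conn))
        {
            cmd.Parameters.Add("@key", SqlDbType.UniqueIdentifier).Value = customerKey;
            conn.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                while (r.Read())
                    rows.Add(new OrderSummary { OrderId = r.GetInt32(0), OrderedOn = r.GetDateTime(1), Total = r.GetDecimal(2) });
            }
        }
        return rows;
    }

    // The "valid looking data" path: rows with the same shape, count and value ranges as real
    // output but no real information. Seeding from the key makes repeated calls with the same
    // bad key return the same rows, so the decoy does not give itself away by changing on each call.
    private static List<OrderSummary> DecoyOrders(Guid key)
    {
        List<OrderSummary> rows = new List<OrderSummary>();
        Random rng = new Random(key.GetHashCode());
        for (int i = 0; i < 20; i++)
        {
            rows.Add(new OrderSummary
            {
                OrderId = 100000 + rng.Next(900000),
                OrderedOn = DateTime.Today.AddDays(-rng.Next(365)),
                Total = Math.Round((decimal)(rng.NextDouble() * 5000), 2)
            });
        }
        return rows;
    }

    [WebMethod]
    public OrderSummary[] GetRecentOrders(string customerKey)
    {
        // UserHostAddress is the TCP peer. Behind a reverse proxy or load balancer that is the
        // proxy's address, and X-Forwarded-For is client-controlled, so the allow-list has to be
        // built for whatever address this service actually sees.
        string callerIp = Context.Request.UserHostAddress;

        Guid key = Guid.Empty;                       // .NET 3.5 has no Guid.TryParse
        try { if (customerKey != null) key = new Guid(customerKey); }
        catch (FormatException) { }
        catch (OverflowException) { }

        if (key == Guid.Empty || !IsAuthorized(key, callerIp))
        {
            // The caller only sees decoy data, but the operator still gets a record of the failure.
            Trace.TraceWarning("Rejected GetRecentOrders from {0} with key {1}", callerIp, customerKey);
            return DecoyOrders(key).ToArray();
        }
        return RealOrders(key).ToArray();
    }
}
```

Two design points follow from the answer's own reasoning. The key and the IP are validated entirely on the server, which is the only place the answer treats as trustworthy; nothing the WinForms client does can change the outcome of `IsAuthorized`. And the decoy path still writes an audit trace, because "return plausible data" is a deception for the caller, not a reason to lose visibility of repeated failed calls from one address.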