Monday, 16 July 2012

Security in WCF RIA Services: Best Practices

In this article we will look at some of the coding best practices used to keep WCF RIA Services secure. The best practices are taken from MSDN.
I will cover paging and caching, authentication and authorization, and adding endpoints in subsequent articles.


When you expose a domain service by applying the EnableClientAccessAttribute attribute, the domain service is available to everyone on the network where it is exposed.
The domain service can be accessed not only by your client application but also by any other application. This consideration is important not just for applications with sensitive data that are hosted publicly but also for applications hosted behind a firewall.
Here I have tried to list a few things which we use in our project; the reference is MSDN.

Best Practices
Sl No                                         
1
ID                                      
D&O_1
Best Practice Definition
Only the required data should be exposed to the client
Explanation
If a table in the application has 5 columns and only 2 of them are needed by the client, expose only the two columns the client requires to do the task.
You should also expose only those entities that should be consumed by the client and not all the entities.
Example
When a column should not be exposed, decorate it with the [Exclude] attribute.
Exclude specifies that an entity member will not exist in the code-generated client view of the entity, and that the value should never be sent to the client.


Or you can create a separate domain class, which contains only those entities that should be exposed to the client.

Sl No                                         
2
ID                                     
D&O_2
Best Practice Definition
Only the required operations should be exposed to the client
Explanation
Suppose that, for an entity Product, products can be inserted and updated but cannot be deleted. In that case we should not expose the delete method to the client.
Example
You can create multiple domain services, one for the client and another for the server, each exposing the appropriate methods, and decorate the methods which are not used by the client with the [Ignore] attribute in the client's domain service.

Sl No                                         
3
ID                                     
D&O_3
Best Practice Definition
Retrieve only the required data and not everything in the database
Explanation
Pass required parameters to query operations so that the output data can be filtered as required.
Example
For a method GetReportForAnEmployee, create a separate LINQ query and pass EmployeeID as a parameter, instead of calling GetReport() and then filtering all the data that is retrieved.



Sl No                                         
4
ID                                     
D&O_4
Best Practice Definition
Use separate query methods for each specific scenario.

Explanation
Pass required parameters to query operations so that the output data can be filtered as required.
Example
For example, if products are shown by category or supplier, you can provide two methods that accept category or supplier information, instead of a single method that returns all of the products.
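Items D&O_1 to D&O_4 combined in one client-facing domain service, as an added example that is not code from this post or from MSDN. The names StoreEntities, Product, UnitCost, CategoryID, SupplierID, Discontinued and ProductClientService are assumptions; Product is taken to be an Entity Framework entity generated as a partial class.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.ServiceModel.DomainServices.EntityFramework;
using System.ServiceModel.DomainServices.Hosting;
using System.ServiceModel.DomainServices.Server;

// Assumed names: StoreEntities (generated ObjectContext) and Product (generated entity).
[MetadataType(typeof(Product.ProductMetadata))]
public partial class Product
{
    internal sealed class ProductMetadata
    {
        // D&O_1: UnitCost is never sent to the client and is absent from the generated client entity.
        [Exclude]
        public decimal UnitCost { get; set; }
    }
}

[EnableClientAccess]
public class ProductClientService : LinqToEntitiesDomainService<StoreEntities>
{
    // D&O_3 / D&O_4: one filtered query per scenario, and no parameterless GetProducts().
    public IQueryable<Product> GetProductsByCategory(int categoryId)
    {
        return this.ObjectContext.Products.Where(p => p.CategoryID == categoryId);
    }

    public IQueryable<Product> GetProductsBySupplier(int supplierId)
    {
        return this.ObjectContext.Products.Where(p => p.SupplierID == supplierId);
    }

    // D&O_2: insert and update are exposed; there is deliberately no DeleteProduct method.
    public void InsertProduct(Product product)
    {
        this.ObjectContext.Products.AddObject(product);
    }

    public void UpdateProduct(Product currentProduct)
    {
        this.ObjectContext.Products.AttachAsModified(
            currentProduct, this.ChangeSet.GetOriginal(currentProduct));
    }

    // D&O_2: a public server-side helper; [Ignore] stops it from being inferred as a domain operation.
    [Ignore]
    public void DiscontinueProduct(Product product)
    {
        product.Discontinued = true;
    }
}
```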

Sl No                                         
5
ID                                     
D&O_5
Best Practice Definition
Use caching and paging intelligently.

Explanation
Paging helps to show the results when a large number of records is present in the search result, while managing the server load.
Caching decreases the load on the middle layer.
Example



Sl No                                         
6
ID                                      
A&A_1
Best Practice Definition
Provide authentication and authorization for data and operations.

Explanation
Apply the RequiresAuthenticationAttribute attribute to a domain method to restrict access to the operation to only authenticated users.
When the RequiresAuthenticationAttribute attribute is applied to an entire domain service class, all of the domain operations are restricted to only authenticated users.
The RequiresAuthenticationAttribute attribute prevents the method from being executed when the user is not authenticated.


Example
    // Only authenticated users can invoke the insert operation.
    [RequiresAuthentication]
    public void InsertEmployee(Employee employee)
    {
        if (employee.EntityState != EntityState.Detached)
        {
            // The entity is already tracked by the context: mark it as added.
            this.ObjectContext.ObjectStateManager.ChangeObjectState(employee, EntityState.Added);
        }
        else
        {
            this.ObjectContext.Employees.AddObject(employee);
        }
    }


Sl No                                         
7
ID                                     
A&A_2
Best Practice Definition
Provide authentication and authorization for data and operations.

Explanation
RequiresRoleAttribute is applied to a domain method to restrict access to the operation to only authenticated users that belong to one of the specified roles.
When you apply the RequiresRoleAttribute to an entire domain service class, all of the domain operations are restricted to only authenticated users that belong to the specified roles.
The RequiresRoleAttribute prevents the method from being executed when the user does not meet the authentication criteria.

Example
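    // Only authenticated users in the Administrator role can invoke the delete operation.
    [RequiresRole("Administrator")]
    public void DeleteEmployee(Employee employee)
    {
        if (employee.EntityState == EntityState.Detached)
        {
            // A detached entity must be attached before the context can delete it.
            this.ObjectContext.Employees.Attach(employee);
        }
        this.ObjectContext.Employees.DeleteObject(employee);
    }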


I will explain items 5, 8 and 9 in the next few articles.

Sl No                                          
8
ID                                     
A&A_3
Best Practice Definition
Always verify data before using it.
Explanation
Data sent from the client should not be trusted. Verify the data in the domain service for data type, regular expressions, null and empty values, length and so on. You can also validate these using custom validators.

Example
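One way to express these checks with data annotations and a custom validator, as an added example that is not code from this post or from MSDN. The Employee members LastName, BadgeNumber and HireDate, the badge format, and the EmployeeRules class are assumptions; Employee is taken to be a generated partial entity class.

```csharp
using System;
using System.ComponentModel.DataAnnotations;

// Assumed: Employee is the generated entity (partial class) used by the domain service.
[MetadataType(typeof(Employee.EmployeeMetadata))]
public partial class Employee
{
    internal sealed class EmployeeMetadata
    {
        // Null/empty and length checks.
        [Required]
        [StringLength(50, MinimumLength = 1)]
        public string LastName { get; set; }

        // Format check with a regular expression (hypothetical badge format: two letters, six digits).
        [Required]
        [RegularExpression(@"^[A-Z]{2}\d{6}$", ErrorMessage = "Badge number has an invalid format.")]
        public string BadgeNumber { get; set; }

        // Business rule enforced by a custom validator.
        [CustomValidation(typeof(EmployeeRules), "ValidateHireDate")]
        public DateTime HireDate { get; set; }
    }
}

public static class EmployeeRules
{
    // Custom validator: must be public and static and return a ValidationResult.
    public static ValidationResult ValidateHireDate(DateTime hireDate, ValidationContext context)
    {
        if (hireDate > DateTime.Today)
        {
            return new ValidationResult(
                "Hire date cannot be in the future.", new[] { context.MemberName });
        }
        return ValidationResult.Success;
    }
}
```

The domain service validates submitted entities against these attributes on the server, so the checks still apply when the caller is not your own client application.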


Sl No                                         
9
ID                                     
EP_1
Best Practice Definition
Minimize the number of end points
Explanation
For RIA Services, the binary endpoint is the default. New endpoints should be added in web.config only when needed.

Example


