Use Replay Detection to Protect Against Message Replay Attacks

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Use the WCF replay detection feature to protect your service against message replay attacks. A message replay attack occurs when an attacker copies a stream of messages between two parties and replays the stream to one or more of the parties. Unless mitigated, the computers subject to the attack will process the stream as legitimate messages, resulting in a range of harmful consequences including unauthorized access to the service.

To enable replay detection in your service:
  1. Create a <customBinding> element.
  2. Create a <security> element.
  3. Create a <localClientSettings> or <localServiceSettings> element.
  4. Set the following attribute values, as appropriate: detectReplays, maxClockSkew, replayWindow, and replayCacheSize. The following example sets the attributes of both a <localServiceSettings> and a <localClientSettings> element:
<customBinding>
  <binding name="NewBinding0">
    <textMessageEncoding />
    <security>
      <localClientSettings
        replayCacheSize="800000"
        maxClockSkew="00:03:00"
        replayWindow="00:03:00" />
      <localServiceSettings
        replayCacheSize="800000"
        maxClockSkew="00:03:00"
        replayWindow="00:03:00" />
      <secureConversationBootstrap />
    </security>
    <httpTransport />
  </binding>
</customBinding>
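The same binding built in code rather than in configuration, together with a check that a binding actually has replay detection turned on; this is an added example, not code from the original guidance. The class and method names (ReplayDetectionBinding, CreateReplayDetectingBinding, ReplayDetectionIsEnabled) are this example's own, and it assumes the <security> element with <secureConversationBootstrap /> corresponds to secure conversation bootstrapped over SSPI negotiation.

```csharp
using System;
using System.ServiceModel.Channels;

public static class ReplayDetectionBinding
{
    // Builds the equivalent of the <customBinding> shown above in code.
    public static CustomBinding CreateReplayDetectingBinding()
    {
        // Assumption: <security> + <secureConversationBootstrap /> maps to
        // secure conversation bootstrapped over SSPI negotiation.
        SecurityBindingElement bootstrap =
            SecurityBindingElement.CreateSspiNegotiationBindingElement();
        SecurityBindingElement security =
            SecurityBindingElement.CreateSecureConversationBindingElement(bootstrap);

        // Service side: same values as <localServiceSettings> in the config.
        LocalServiceSecuritySettings service = security.LocalServiceSettings;
        service.DetectReplays = true;                   // set explicitly rather than relying on the default
        service.ReplayCacheSize = 800000;               // bounded cache of seen message nonces
        service.MaxClockSkew = TimeSpan.FromMinutes(3); // tolerated client/service clock difference
        service.ReplayWindow = TimeSpan.FromMinutes(3); // how long a message timestamp stays acceptable

        // Client side: same values as <localClientSettings>.
        LocalClientSecuritySettings client = security.LocalClientSettings;
        client.DetectReplays = true;
        client.ReplayCacheSize = 800000;
        client.MaxClockSkew = TimeSpan.FromMinutes(3);
        client.ReplayWindow = TimeSpan.FromMinutes(3);

        return new CustomBinding(
            new TextMessageEncodingBindingElement(),
            security,
            new HttpTransportBindingElement());
    }

    // Deployment check: find the security element of any binding and confirm
    // replay detection is enabled on both sides with a finite replay window.
    public static bool ReplayDetectionIsEnabled(Binding binding)
    {
        SecurityBindingElement security =
            binding.CreateBindingElements().Find<SecurityBindingElement>();
        if (security == null)
            return false; // no message security at all, so nothing detects replays
        return security.LocalServiceSettings.DetectReplays
            && security.LocalClientSettings.DetectReplays
            && security.LocalServiceSettings.ReplayWindow > TimeSpan.Zero;
    }
}
```

ReplayDetectionIsEnabled(CreateReplayDetectingBinding()) returns true; run it against the bindings a service actually loads to catch a configuration where replay detection was switched off.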

Additional Resources

Last edited Jun 12, 2008 at 9:21 PM by prashantbansode, version 1
