Using a shared cache in a Web farm environment for detecting replay attacks in WCF

I'm trying to figure out how to implement a replay attack detection mechanism with WCF in a web farm scenario.

WCF provides such detection mechanism by using a nonce cache. Correct me if I'm wrong, but the only way to ensure to prevent this attack in a message security and web farm scenario is by using a nonce cache shared across the servers.

In WSE3.0, it used to be possible to provide nonce cache custom implementations

but there doesn't seem to be any way to do so in WCF (No configuration options, besides I found with Reflector that the NonceCache class is marked as both sealed and internal..)

Any thoughts?


Firstly there are no silver bullets for this. Each option has its drawbacks. Microsoft recommends one of two options:

  • Use message mode security with stateful security context tokens (with or without secure conversation enabled)
  • Configure the service to use transport-level security

While securing your service using transport-level security will protect from the man in the middle scenario it will not protect you against a compromised client. So in effect it's not a robust solution and using stateful security context tokens is the better way of the two. This does require some considerations when developing and deploying.

As I stated in my earlier answer there no silver bullets for this. Here is another option (which you may have already considered) by using detectReplays, maxClockSkew, replayWindow, and replayCacheSize settings. Although I'm not sure about its robustness in a WebFarm scenario it should work given the underlying operation of WCF. Here's a brief article that demonstrates it. The drawback with this option is when you have a client in a different timezone to the server you'll get failures if your maxClockSkew is not set to allow for the timezone differences.

Need Your Help

What's the correct alternative to static method inheritance?

c# .net inheritance static

I understand that static method inheritance is not supported in C#. I have also read a number of discussions (including here) in which developers claim a need for this functionality, to which the t...

Differences between std::is_integer and std::is_integral?

c++ c++11 language-lawyer typetraits

C++11 provides two type trait template classes: std::is_integer and std::is_integral. However, I cannot tell the differences between them.