Geek Answers Handbook

Securely authenticate client to server

System Specifications: C # using .NET 3.0. WCF services hosted as Windows services on application servers. MSSql Server 2008R2 database for data storage.

User password hashes are stored in the database for user authentication. My problem is that I do not know how to authenticate the client on the server securely using the client password hash.

After reading similar questions on SO, I saw that a request response mechanism was recommended. Can anyone give some good coding examples of how this can be done?

In addition, if we can safely generate a private key pair on the server and distribute the public key to all clients, using public key encryption to transmit information from the client and server is enough to use a response request.

EDIT: by client, I meant a user who would actually use the client machine to log into the system.

+4
source share
3 answers

If the client and server are in the same AD domain, the easiest option is to use the net.tcp transport with AD authentication. The kerberos custom token is presented to the service and can be authenticated using AD roles.
If you cannot use AD Integrated Authentication and use this scheme, you can use the validator username

0
source

Use SSL to communicate with your client and server, and you will be provided with public key encryption (AKA asymmetric). You do not need to specify it yourself just configure it to use SSL .

+2
source

The process will look like this: -

The server generates a call and sends it to the client. e.g. X

At the client

passwordHashed = Hash (password) challengeHashClient = Encryption (X, passwordHashed) // passwordHashed is the key

send a hashclient call to the server.

On server

get password from database challengeHashServer = Encryption (X, with password)

HashServer with HashClient

There should also be a timeout for this operation to prevent a re-attack.

However, if you are using a Windows environment, why not consider using authentication in Kerberos Windows?

0
source

More articles:


All Articles