Improving Web Application Security: Threats and Countermeasures

Enterprise Services (COM+) applications use Windows authentication. Whether NTLM or Kerberos is used depends on the client and server operating systems and on whether the client can obtain a Kerberos ticket for the server. In Windows 2000 and Windows Server 2003 domain environments Kerberos authentication is used; where Kerberos is not available (for example, workgroup machines or local, non-domain accounts) authentication falls back to NTLM.

The main issue to consider when building serviced components is to ensure that every call is authenticated, so that anonymous callers cannot reach your component's functionality.

Use (At Least) Call Level Authentication

To reject anonymous callers, use at least call level authentication. The None level accepts anonymous callers and the Connect level authenticates the client only when it first connects; Call authenticates the caller at the start of every call, and the Packet, PacketIntegrity and PacketPrivacy levels additionally authenticate, sign or encrypt every packet of the call. Configure this setting by adding the following attribute to your serviced component assembly:

using System.EnterpriseServices;
[assembly: ApplicationAccessControl(Authentication = AuthenticationOption.Call)]

Note

This is equivalent to setting the Authentication level for calls option to Call on the Security tab of the application's Properties dialog box in Component Services. Check the catalog setting after deployment as well as the attribute in code: an administrator can lower the level in Component Services after registration, and the catalog value is the one that is enforced.
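The following is an added example, not code from the original guide, showing the assembly attribute above in a complete serviced component, together with the other access-control attributes that usually accompany it and a runtime check that refuses to run if access checks have been switched off in the catalog. The application name "SecureOrders", the role "OrderClerks", the key file and the OrderProcessor class are all illustrative assumptions.

```csharp
using System;
using System.EnterpriseServices;
using System.Reflection;
using System.Runtime.InteropServices;

// COM+ application settings written to the catalog when the assembly is
// registered (regsvcs.exe or lazy registration on first activation).
// Assumption: a server application named "SecureOrders"; the name is illustrative.
[assembly: ApplicationName("SecureOrders")]
[assembly: ApplicationActivation(ActivationOption.Server)]
[assembly: ApplicationAccessControl(
    true,                                        // enable access checks for the application
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent,
    Authentication = AuthenticationOption.Call,  // authenticate every call; never None or Connect
    ImpersonationLevel = ImpersonationLevelOption.Identify)]
[assembly: AssemblyKeyFile("SecureOrders.snk")]  // serviced components must be strong named (assumed key file)
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: ComVisible(true)]

namespace SecureOrders
{
    // Assumed role name; the role is created in the catalog on registration.
    [SecurityRole("OrderClerks")]
    [ComponentAccessControl(true)]
    public class OrderProcessor : ServicedComponent
    {
        public string SubmitOrder(string orderId)
        {
            SecurityCallContext ctx = SecurityCallContext.CurrentCall;

            // Defence in depth: the attribute only sets the initial catalog value.
            // If an administrator later disables access checks, refuse to run
            // rather than silently serve anonymous callers.
            if (!ctx.IsSecurityEnabled)
                throw new UnauthorizedAccessException("COM+ access checks are disabled for this application.");

            // Role check in code in addition to the declarative role on the class.
            if (!ctx.IsCallerInRole("OrderClerks"))
                throw new UnauthorizedAccessException("Caller is not a member of OrderClerks.");

            // DirectCaller is the authenticated Windows account that made this call;
            // with call level authentication it is never anonymous.
            string caller = ctx.DirectCaller.AccountName;
            return "Order " + orderId + " accepted from " + caller;
        }
    }
}
```

ApplicationAccessControl(true) is what actually turns access checks on; Authentication = AuthenticationOption.Call only sets the level. With AccessChecksLevelOption.ApplicationComponent the role check is enforced per component and SecurityCallContext is populated, which is what makes the IsSecurityEnabled and IsCallerInRole checks above meaningful; at the ApplicationLevel setting only the application boundary is checked and the call context carries no role information.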
