WCF back-end service for open server security

I need to host a WCF service that will give its clients access to internal business systems on a public web server. Obviously, I have to ensure that no one from the outside world even knows that there is a service, not to mention being able to call its methods and access the data that it provides.

The general idea is that a public site hosted on the same computer will call the WCF service, and then the WCF service will provide it with the necessary data ...

Public Facing Web Site <-> WCF Service <-> Business Systems / Databases

Therefore, I need to understand how to protect the service so that it can be obtained only through a public site.

The ideas that I had:

  • IIS, so the IIS site hosting the WCF service will only accept requests from a specific IP address.
  • Bad port that will not be allowed through the public firewall.
  • Protocol such as NetTCP or NamedPipes

But what about the actual WCF security setting? Since both the Public Facing Site and the service are on the same machine, is Windows Authentication an option? The questions that I have regarding ...

  • Should the service client and service just use Windows authentication?

  • Do I need specific user accounts and not a network service? If the website runs under a network service, will it automatically authenticate with the service?

My goal is that someone from the outside world should not know about the existence of the service or be able to access it.

Thanks in advance.

Technical environment: IIS7, .Net 4 and WCF 4.

+3
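An added example (not part of the original question or its answers) combining two of the ideas listed above: a named-pipe endpoint, which WCF only serves to callers on the same machine, with Windows transport security and an authorization check that admits a single account. It is self-hosted for brevity rather than hosted in IIS; the contract, class names, pipe address and the account `WEBSRV01\svc-publicsite` are hypothetical placeholders.

```csharp
using System;
using System.Net.Security;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IBusinessData            // hypothetical contract
{
    [OperationContract]
    string GetCustomerName(int id);
}

public class BusinessData : IBusinessData
{
    public string GetCustomerName(int id) { return "customer-" + id; }
}

// Rejects every caller except the one Windows account the public site runs as.
public class SingleCallerAuthorization : ServiceAuthorizationManager
{
    private readonly string allowedAccount;
    public SingleCallerAuthorization(string account) { allowedAccount = account; }

    protected override bool CheckAccessCore(OperationContext ctx)
    {
        ServiceSecurityContext sec = ctx.ServiceSecurityContext;
        WindowsIdentity caller = sec == null ? null : sec.WindowsIdentity;
        return caller != null && caller.IsAuthenticated &&
               string.Equals(caller.Name, allowedAccount, StringComparison.OrdinalIgnoreCase);
    }
}

public static class Program
{
    public static void Main()
    {
        // Named pipes: no TCP listener exists for a firewall rule to expose.
        var binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport);
        binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;

        using (var host = new ServiceHost(typeof(BusinessData)))
        {
            host.AddServiceEndpoint(typeof(IBusinessData), binding,
                                    "net.pipe://localhost/BusinessData"); // placeholder address
            host.Authorization.ServiceAuthorizationManager =
                new SingleCallerAuthorization(@"WEBSRV01\svc-publicsite"); // placeholder account
            host.Open();
            Console.ReadLine();   // keep the host alive until Enter is pressed
        }
    }
}
```

If the site's application pool runs as Network Service instead of a dedicated account, the name compared in `CheckAccessCore` would be `NT AUTHORITY\NETWORK SERVICE`, which is shared by every process running under that built-in identity.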
1

http.ashx .

asp.net, , .

-, .

0
