We have designed one of our cloud servers to provide several services that have different login services
e.g.
BasicService = ServiceRequiresLogin & our client application uses BasicLoginService to check if the correct credentials are provided
AdminService = ServiceRequiresLogin & our client application uses AdminLoginService to check if the correct credentials are provided
But I notice that there is no real link between AdminService & AdminLoginService on the server side.
This makes me believe that malicious software could access our AdminService by hooking it to BasicLoginService on the client side.
Is this correct?
Is there a way to specify which login service is needed for a particular service?
If not: Is it always considered less safe/bad practice to have multiple LoginServices?
What I am also wondering about is how a login service works. I see no requirements or attributes on that service.
Can somebody manipulate ClientChannel_OnLoginNeeded so it does not call any service at all (does not appear to work) or call an arbitrary service function using the same channel (not tested)?
OK, I guess one way to protect your RO service from tampering with the client application is to add our own security check in each RO call ourselves.
The security check can use data that was put in Session by a particular Login Service thus ensuring that the security “role” is correct.
We are using a single TCP port for our admin and regular services.
Does the fact that we have 2 login services make things less secure?
How does a login service work? How does OnLoginNeeded determine access is granted? Is the function name (Login) important? Are the arguments important?
Is the key the DestroySession() call in the login service?
idea that you are using 7123 port for usual services and 9876 port for admin services.
Ofc, users can’t access admin services via the usual port.
As for me, this is an additional security thing because you can keep the admin port secret.
Server-side: the Login method receives some parameters (like username, password and some additional info if a connection string is used) and validates them. If the logic is unsuccessful, DestroySession() should be called to clear the session info on the server side.
Client-side: when the server side needs a login, it raises SessionNotFoundException. The channel detects it and fires the OnLoginNeeded method. In this event you should perform the server’s login.
OK, the roles approach works and seems a good solution for me.
I am still curious about client-side hacking, especially since the protection is only DestroySession(), if I understand your reply correctly. I wrote this little hack code. I can tell you that I did not get access (which is good). However, it is still some RO black magic to me why it knows no real login function was called.
// … somewhere inside ClientChannel_OnLoginNeeded …
#if CHEATROLOGINSERVICE
var itfFakeLogin = ServiceBroker.CoBrokerService.Create(RoCon.message, RoCon.clientChannel);
itfFakeLogin.Ping("i'm hacker");
return true; // Client pretends it performed a login by using a random unprotected service call
#else
var itfAdminLogin = ServiceBroker.CoLoginService.Create(RoCon.message, RoCon.clientChannel);
return itfAdminLogin.Login(CurSessionUser, CurSessionPassword);
#endif
If you return true in ClientChannel_OnLoginNeeded, this will mean that login was successful, so RO will resend the original request that causes SessionNotFoundException:
Use the ServiceMethodException event instead.
This event contains ServiceName, MethodName, Exception and the Self object.
You also can get access to Session data in this event.
Note: Roles for service methods work only for RODL-based services.
The ServiceActivationException event validates service’s roles and it is checked before service is created.
The ServiceMethodException event validates service method’s roles and it is checked after service is created but before execution of method.
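
A small Python model of the behaviour discussed in this thread, added here as an example; it is not Remoting SDK code and not from any of the posters. `Server`, `enforce_roles`, `outcome`, the handler names and the sample users are constructed assumptions. It shows why a client handler that returns true without logging in still gets rejected on the resend, and why a role check is what ties an admin service to the admin login.

```python
class SessionNotFound(Exception): pass
class AccessDenied(Exception): pass

class Server:
    """Toy model of a session-gated server. Users and passwords are constructed."""
    USERS = {"basic": ("bob", "bob-pw"), "admin": ("root", "root-pw")}

    def __init__(self, enforce_roles=True):
        self.enforce_roles = enforce_roles
        self.sessions = {}                      # session id -> set of roles

    def login(self, sid, service, user, password):
        # Only a login service creates a session; it records which one ran.
        if self.USERS[service] == (user, password):
            self.sessions[sid] = {service}
            return True
        self.sessions.pop(sid, None)            # counterpart of DestroySession()
        return False

    def call(self, sid, required_role):         # protected service method
        roles = self.sessions.get(sid)
        if roles is None:
            raise SessionNotFound()             # client would fire OnLoginNeeded
        if self.enforce_roles and required_role not in roles:
            raise AccessDenied(required_role)
        return required_role + " data"

def fake_login(server, sid):                    # returns True without any login call
    return True

def basic_login(server, sid):
    return server.login(sid, "basic", "bob", "bob-pw")

def admin_login(server, sid):
    return server.login(sid, "admin", "root", "root-pw")

def outcome(server, sid, required_role, on_login_needed):
    """Mimic the channel: on SessionNotFound run the handler, then resend once."""
    try:
        try:
            return server.call(sid, required_role)
        except SessionNotFound:
            if not on_login_needed(server, sid):
                raise
            return server.call(sid, required_role)   # server re-checks the session
    except (SessionNotFound, AccessDenied) as exc:
        return type(exc).__name__
```

With `enforce_roles=False` the model only checks that some session exists, so a session created by the basic login reaches the admin method; with the role check on, the same request ends in `AccessDenied`.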