WCF - Can i securely use the CallbackChannel to identify authenticated clients?

I'm using NetTcpBinding with a WPF client. i want to know if the CallBackChanel (OperationContext.Current.GetCallbackChannel) can be spoofed by some one else ... i meen, can i be sure, if i store this CallBack object in a list, this call back can't be use by some one else ...

exemple :

        private class ClientCallBack
    {
        public IDuplexServiceCallBack CallBack { get; set; }
        public long UserId { get; set; }
        public bool IsAuthenticate { get; set; }
        public DateTime LastPing { get; set; }
        public DateTime LastPong { get; set; }
        public bool Fault { get; set; }
        public long Ping { get; set; }
    }
    static List<ClientCallBack> Clients;

     public void Login(string UserName, string Password)
    {
        var auth = new AutentificationService();
        var user = auth.Login(UserName, Password, true, null);
        if (user != null)
        {
            Clients.Add(new ClientCallBack()
            {
                CallBack = OperationContext.Current.GetCallbackChannel<IDuplexServiceCallBack>();,
                Fault = false,
                IsAutenticate = true,
                LastPing = DateTime.Now,
                LastPong = DateTime.Now,
                Ping = 0,
                UserId = user.Id
            });
        }
    }
     public void action() {
        var client = Clients.FirstOrDefault(o => o.CallBack == OperationContext.Current.GetCallbackChannel<IDuplexServiceCallBack>(););
        if (client != null && client.IsAutenticate)
        { 
        //This client is authenticated 
        }
    }

is it possible for some one to use the callBack of someone else?

tanks

Answers


This is a very vague question, but I think I understand what you are trying to get at. First, OperationContext.Current.GetCallbackChannel will definitely give you the caller of the service, whichever client that may be. Another client (at least on windows) would not be able to use the same TCP channel since it is already in use.

Now if you are talking authentication, or how to make sure the client that called the service is legitimate, that is a different topic all together.


Need Your Help

Interfaces and Coupling

c# design loose-coupling

From a design and loose coupling standpoint. Is it a good idea to have an interface for each class in a project that might be part of a composition model?

Meaning of dummy macro in SAS

macros sas

I inherited some macro at the very beginning of which settled down the following line:

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.