Message Boards

All times are UTC - 5 hours

 [ 1 post ] 
Author Message
 Post subject: Obfuscation of WCF service data contracts
PostPosted: Mon Mar 19, 2012 12:12 pm 

Occasionally, a user will want to obfuscate their WCF service data contract so that messages sent over the wire do not reveal proprietary information. Using SSL for this communication is a good first step, but using a tool such as Fiddler a dedicated attacker is still able to decrypt and view the HTTP traffic. Dotfuscator excludes types and members used in WCF data contracts automatically as part of its Smart Obfuscation technology. However, if a user has control over both the client and service and wants to pursue obfuscation of the data contract, it is possible to instruct Dotfuscator to disable the Smart Obfuscation feature responsible for excluding such types and members.

Add the service binaries, data contract DLL, and client binaries to the same Dotfuscator project. Disable the "Types and fields marked as serializable" built-in rule from the Rename -> Built-In Rules tab and ensure that "Compatibility with XML serializer" is checked in the Rename -> Options tab. Also, ensure that you are not explicitly setting the Name property in your [DataContract] and [DataMember] attributes, as this will override the actual type and member names. Finally, add a Project Property on the Settings -> Project Properties dialog named smart_disable_list with a value of Net30Rule. This will disable the Smart Obfuscation feature responsible for preserving WCF data contract names. Then just make sure to include the obfuscated contract DLL with both the server & client binaries.

Display posts from previous:  Sort by  
New Topic | Post Reply  [ 1 post ] 

All times are UTC - 5 hours

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for: