Own custom encryption in WCF?

Question

1.57/5 (3 votes)

See more:

I'm building a WCF desktop client-server application in C# and I want to configure WCF to use my own custom encryption.
I don't want to use certificates at all.
Is this possible?

What I have tried:

I haven't found anything so far in the web.

Posted 15-Oct-18 0:49am

Ath Tse

Updated 15-Oct-18 1:00am

Leo Chapiro

v2

Add a Solution

Comments

Richard Deeming 16-Oct-18 11:20am

Simple answer: don't.

Unless you are a team of highly-qualified encryption specialists, each with multiple PHDs in the field, and your "custom encryption" has been publicly tested for several decades, then anything you come up with will be significantly less secure than any standard encryption algorithm.

Memo to the Amateur Cipher Designer[^]

Ath Tse 17-Oct-18 5:11am

Thanks for the advice.
My app is very small and I can't say to the customer that he must pay for a certificate.

Richard Deeming 17-Oct-18 6:08am

Then don't pay for one. :)

Let's Encrypt[^] will give you a free SSL certificate for any site you control.

If you're on Windows, and the DNS for your site is pointing to your server, you can use this tool[^] (also free) to automatically obtain and install a free "Let's Encrypt" certificate. It will also set up a scheduled task to automatically renew the certificate shortly before it expires, so you don't even need to worry about that.

Ath Tse 17-Oct-18 6:36am

My server is just a normal PC (not hosted anywhere) with no static ip.
The client is another PC that will connect to the server through internet.
I have tried the self-signed approach but it didn't work.
I thing my encryption algorithm is safe enough.
Is there an example to do this?

Richard Deeming 17-Oct-18 14:57pm

No. Rather than trying to reinvent the wheel, why not concentrate on getting the self-signed certificate to work? I'm sure if you post a question with the details of the problem you're having making it work, someone will be able to point you in the right direction. :)

Ath Tse 18-Oct-18 11:20am

OK,
I will do that.
Thanks!

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Leo Chapiro · Answer 1 · 2018-10-15T01:01:00

Solution 1

I wonder that you "haven't found anything so far in the web": Secure WCF Services with custom encrypted tokens – chsakell's Blog[^]

Quote:
There are some times though where you cannot or don’t want to use WCF security available options and hence, you need to develop your own authentication logic accoarding to your business needs. This post will show you how to pass encrypted information from the client to server using a custom header, with the latter (server) decrypting and authenticating each request.

Take a look, it seems to be what you need.

Posted 15-Oct-18 1:01am

Leo Chapiro

Updated 15-Oct-18 1:02am

v2

Comments

Ath Tse 16-Oct-18 3:42am

That article shows how to encrypt the authentication logic only.
I want to encrypt the entire connection (body?) with my own encryption algorithm.
My English is not good that is why I cant search efficiently the web.

stelios1984 6-Feb-19 8:43am

Your english are not bad..

I am also in the same ship with you.
I use xamarin.Forms and Portable Class Library which in that i reference my WCF.

Due to Xamarin.Forms and PCL combination i cannot use all the security functionality of WCF and now my service
is exposed (in every request i can see from fiddler the body in xml) i look in internet for more that 1 week now how to encrypt envelop and decrypt it on client or server but no much resources on this..
I try several methods like implement

IDispatchMessageInspector (SERVER - WCF) and
IClientMessageInspector (CLIENT)

but again i still have difficulties to make it work..

Now i try to implement Custom Encoder but don't really know where to start and how to implement it.. All the resources found are not much as also not very well understandable