Preventing Replay Attacks When a WCF Service is Hosted in a Web Farm

When using message security, WCF prevents replay attacks by deriving a NONCE from the incoming message and checking its internal InMemoryNonceCache to see whether that NONCE is already present. If it is, the message is discarded as a replay. When a WCF service is hosted in a web farm, the InMemoryNonceCache is not shared across the nodes in the farm, so a message already accepted by one node can be replayed successfully against another, and the service remains vulnerable to replay attacks. To mitigate this scenario, WCF 4.5 provides an extensibility point that allows you to implement your own shared NONCE cache by deriving a class from the abstract class NonceCache.

NonceCache Implementation

To implement your own shared NONCE cache, derive a class from NonceCache and override the CheckNonce and TryAddNonce methods. CheckNonce checks whether the specified NONCE exists in the cache. TryAddNonce attempts to add a NONCE to the cache and reports whether the add succeeded. Once the class is implemented, you hook it up by instantiating it and assigning the instance to the NonceCache property of the client-side security settings for client-side replay detection, or to the NonceCache property of the service-side security settings for server-side replay detection. There is no out-of-the-box configuration support for this feature; the assignment must be made in code.
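A concrete derivation and the hook-up step, as an added example that is not from the original page or from the WCF library itself: the ConcurrentDictionary is a stand-in for the store a farm would actually share, and the names SharedNonceCache, NonceCacheSetup and CreateServiceBinding are assumptions, while LocalServiceSettings.NonceCache, ReplayWindow and MaxClockSkew are the existing .NET 4.5 properties.

```csharp
using System;
using System.Collections.Concurrent;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Example NonceCache derivation (not from the original page). The dictionary
// stands in for a store every farm node can reach, such as a database table
// keyed by nonce; swapping that in is what makes replay detection farm-wide.
public sealed class SharedNonceCache : NonceCache
{
    private readonly ConcurrentDictionary<string, DateTime> _seen =
        new ConcurrentDictionary<string, DateTime>();
    private readonly TimeSpan _retention;  // how long a nonce is remembered
    public SharedNonceCache(TimeSpan retention) { _retention = retention; }

    // True means the nonce was seen before, so the message is a replay.
    public override bool CheckNonce(byte[] nonce)
    {
        Evict();
        return _seen.ContainsKey(Convert.ToBase64String(nonce));
    }

    // Atomic add: false when the nonce is already present, which covers two
    // nodes receiving copies of the same message at the same moment.
    public override bool TryAddNonce(byte[] nonce)
    {
        Evict();
        return _seen.TryAdd(Convert.ToBase64String(nonce), DateTime.UtcNow);
    }

    private void Evict()  // drop nonces older than the retention period
    {
        DateTime cutoff = DateTime.UtcNow - _retention;
        foreach (var entry in _seen)
            if (entry.Value < cutoff) _seen.TryRemove(entry.Key, out _);
    }
}

public static class NonceCacheSetup
{
    // Hooks the cache into the service side of a message-security binding.
    // Retention is ReplayWindow plus MaxClockSkew so late replays still match.
    public static CustomBinding CreateServiceBinding()
    {
        var elements = new WSHttpBinding(SecurityMode.Message).CreateBindingElements();
        var local = elements.Find<SecurityBindingElement>().LocalServiceSettings;
        local.NonceCache = new SharedNonceCache(local.ReplayWindow + local.MaxClockSkew);
        return new CustomBinding(elements);
    }
}
```

On the client side the same kind of instance is assigned to the security binding element's LocalClientSettings.NonceCache instead.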

See also