StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POIs it possible to perform an CSRF attack on WCF service with webHttpBinding?
primarykey
Id
10430423
data
AcceptedAnswerId
0
AnswerCount
2
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-05-03T11:27:51.190
FavoriteCount
0
LastActivityDate
2015-04-28T15:38:21.127
LastEditDate
2012-05-03T15:10:00.803
LastEditorUserId
637677
OwnerUserId
637677
ParentId
0
PostTypeId
1
Score
0
ViewCount
1016
LastEditorDisplayName
text
Body
We are using WCF service with <code>webHttpBinding</code> binding to expose endpoint to clients. Service is hosted by IIS (.svc). Client is JavaScript generated automatically using <code>enableWebScript</code> behavior. All methods are using POST. Is it possible to make an CSRF attack to this service? I considered the following options: <ul> <li>AJAX - not possible, because cross site requests are not allowed (I am assuming that our site isn't prone to XSS)</li> <li>HTML Form submit - not possible, because service requires certain HTTP headers which can't be set using HTML form</li> </ul> Is there any other option? Flash, Silverlight, web sockets or something else? Valid request looks like this: <pre><code>POST http://site/Service.svc/ServiceMethod HTTP/1.1 Host: site User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: cs,en-us;q=0.8,en;q=0.5,pl;q=0.3 Accept-Encoding: gzip, deflate Connection: keep-alive X-Requested-With: XMLHttpRequest Content-Type: application/json; charset=utf-8 Referer: http://site/ Content-Length: 33 Cookie: cookies, session id, etc. Pragma: no-cache Cache-Control: no-cache {"param1":11,"param2":"123"} </code></pre> To be clear: I am trying to secure my service. Not perform an attack. I am considering adding an "authentication token" to every call, but first I would like to know if it is worth the effort.
Tags
<asp.net><wcf><web-services><security>
Title
Is it possible to perform an CSRF attack on WCF service with webHttpBinding?
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USjakubka
UserOwnerUserId
1. USjakubka
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.