I'm trying to figure out how to implement a replay attack detection mechanism with WCF in a web farm scenario.
WCF provides such a detection mechanism by using a nonce cache. Correct me if I'm wrong, but the only way to prevent this attack in a message security and web farm scenario is by using a nonce cache shared across the servers (i.e.: AppFabric
In WSE 3.0, it used to be possible to provide custom nonce cache implementations, but there doesn't seem to be any way to do so in WCF (no configuration options; besides, I found with Reflector that the NonceCache class is marked as both sealed and internal).
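The shared-cache point raised in the question, as an added example that is not part of the original post and not WCF's own code: it models two farm nodes with per-node nonce caches and then with one shared cache. `INonceStore`, `InMemoryNonceStore` and `FarmNode` are hypothetical names, the in-memory store stands in for a distributed cache, and the nonce and timestamps are constructed.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical abstraction (not a WCF type): record a nonce at most once.
interface INonceStore { bool TryAdd(string nonce, DateTime expiresUtc, DateTime nowUtc); }

// Stand-in for a distributed cache; a real one needs an atomic add-if-absent.
// Expired entries are overwritten rather than purged, for brevity.
sealed class InMemoryNonceStore : INonceStore
{
    private readonly Dictionary<string, DateTime> _seen = new Dictionary<string, DateTime>();
    public bool TryAdd(string nonce, DateTime expiresUtc, DateTime nowUtc)
    {
        lock (_seen)
        {
            // A live entry means this nonce was already accepted: replay.
            if (_seen.TryGetValue(nonce, out DateTime until) && until > nowUtc) return false;
            _seen[nonce] = expiresUtc;
            return true;
        }
    }
}

sealed class FarmNode
{
    private readonly INonceStore _store;
    private readonly TimeSpan _window;
    public FarmNode(INonceStore store, TimeSpan window) { _store = store; _window = window; }
    public bool Accept(string nonce, DateTime createdUtc, DateTime nowUtc)
    {
        // Stale or future-dated messages are rejected on the timestamp alone,
        // so a nonce only has to be remembered until createdUtc + window.
        if ((nowUtc - createdUtc).Duration() > _window) return false;
        return _store.TryAdd(nonce, createdUtc + _window, nowUtc);
    }
}

static class Demo
{
    static void Main()
    {
        var window = TimeSpan.FromMinutes(5);
        var t0 = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc); // constructed
        var shared = new InMemoryNonceStore();
        FarmNode a1 = new FarmNode(new InMemoryNonceStore(), window), b1 = new FarmNode(new InMemoryNonceStore(), window);
        FarmNode a2 = new FarmNode(shared, window), b2 = new FarmNode(shared, window);
        a1.Accept("n-001", t0, t0); a2.Accept("n-001", t0, t0); // original message reaches node A
        Console.WriteLine("per-node caches, replay to B accepted: " + b1.Accept("n-001", t0, t0.AddSeconds(30)));
        Console.WriteLine("shared cache, replay to B accepted:    " + b2.Accept("n-001", t0, t0.AddSeconds(30)));
        Console.WriteLine("shared cache, replay after the window: " + b2.Accept("n-001", t0, t0.AddMinutes(6)));
    }
}
```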