Hello, I have created wcf service and planning to make it accessible from the internet. The page 'You have created a service' seems to be some stub which should be replaced before putting service on production. Is it a bad practice to have this welcome page on production? What do you do with that welcome page when you publish wcf servic...
Trying to get the simple Hello World (via SSL) working but receiving a following error: The remote certificate is invalid according to the validation procedure. The server App.config is: <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <behaviors> <serviceBehaviors> <...
I have a simple service and I try to set up authentication. On the client I want the user to enter there windows user account. And the WCF will use the username/password provided by the client and authenticate them against windows authentication. Here is my server app.config <system.serviceModel> <services> <service name="W...
I have a WCF client/service with net.tcp transport. When I turn on the WCF tracing on client side I am seeing the following errors in trace (see screenshot from service trace viewer). The strange thing is that WCF is handling and recovering this error and my client doesn't receive any exception and it continues to work. This exception ha...
Hello, I'm trying to figure out how to implement a replay attack detection mechanism with WCF in a web farm scenario. WCF provides such detection mechanism by using a nonce cache. Correct me if I'm wrong, but the only way to ensure to prevent this attack in a message security and web farm scenario is by using a nonce cache shared acros...
Hi All, Can someone please let me know if unsigned SAML 2.0 or 1.1 is natively supported on WCF .Net 4.0. I know that Signed SAML 1.1 is natively supported on WCF and SAML 2.0 is natively supported on WIF but I am not able to find any material regarding unsigned SAML. ...
What I'm trying to do is setup a call to a service on another server. So far.. I've created the proxy and got the config information. What I'm having trouble finding is how to set the security. They are using message security and client certificates. here is my app.config file..what I have so far. Any information on setting the sec...
This is my service configuration in web.config: <binding name="statefulSessionWithUsernameOverTransport"> <security authenticationMode="SecureConversation" requireSecurityContextCancellation="False" allowInsecureTransport="True"> <secureConversationBootstrap authenticationMode="UserNameOverTransport"/> </security> <binaryM...
Hi everyone. I'm building a WCF Service that uses Custom Username/Password validation on netTcpBinding with message level security. I've been researching MaxReceivedMessageSize settings and I've got a query of a rather technical nature. I've noticed that when you specify a custom username validator that it gets called deep inside the pl...
Hi, Recently on one of my machines, my client (WCF client) is having problem talking to WCF server. Both server and client are running on the same machine. The machine is Windows7 64 bit machine. It used to work fine until recently. The same software is working fine on all other machines with exactly same configuration. I am really conf...
Hi I'm getting the following error when trying to connect to a WCF web service: WCF web query ... Unhandled Exception: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authent...
Hi everyone, I created my custom Claim-Aware WCF Service and a Custom STS Service using the WIF SDK Template. Everything works fine but I would like to define my own custom Identity when I call the service and retrieve it in the STS Service. For example in the following code: protected override IClaimsIdentity GetOutputClaimsIdentit...
Hi guys, i'm trying to secure some WCF services. I'd like to use IIS or the Web.config todo all of the heavy lifting/configuration if possible. I don't want to embed anything in my code - thought I know that may not be feasible. If possible, I'd like to achieve this without having to resort to AspCompatibilityMode :( I'm using a custom...
Moving forward with re-designing a web service architecture using WCF, our team has been discussing how we want to expose the endpoints. Example: I have a standard endpoint that all users could use with the proper token, but I also have some number of endpoints that will instead use certificate security. All endpoints will ultimately use...
The Response format can be either JSON or XML. The clients accessing the Service(s) will be web browsers, IPhones, Android Phones, all kinds of smart phones and other types of devices. The username and password for the users will be stored in a sql server database. I can't pass the username and password in the UriTemplate. There will...
Hi Why use Windows authentication for WCF service hosted on IIS, if I can limit accessing the IP range to be "localhost", Is there a security hole here. if not, then why Windows authentication is supported by WCF, sense I can restrict IPs for all Intranet scenarios. thanks ...
For proof of concept and learning purposes, I'm trying to do the most simple possible use of SecurityAction.Demand as follows: [PrincipalPermission(SecurityAction.Demand, Role = @"MyDomain\MyGroup")] public string GetData(int value) { return string.Format("You entered: {0}", value); } I wrote a console test program, and I'm getti...
Every example I see uses the default Membership Provider with the userNamePasswordValidationMode, but can I specify MembershipProvider for userNamePasswordValidationMode in the ServiceCredentials for a WCF REST Service if I have a Custom Membership Provider? Is the following route the best to take if this is possible: Create a custom ...
For a few reasons, the bunch I'm working for don't want to use certificates and don't like the idea of a service that can be accessed by anybody with a valid logon. My question is how can I authenticate an application as being an official application suited for use with these wfc services without using certificates? They are trying to...
Hi, I'm getting the following error in my WCF project: "An unhandled exception of type 'System.InvalidOperationException' occurred in System.ServiceModel.dll Additional information: Could not find default endpoint element that references contract 'IPhiFeed' in the ServiceModel client configuration section. This might be because no con...