wcf-security

Mutual Authentication with Self-Hosted WCF Service

Hi, I'm looking into creating a WCF service that will connect to our Product Management system to provide/update product licensing information. It will be a self hosting service wrapped up in an NT service and I'm looking at ways to mutually authenticate both the service and the client. Clients will be desktop applications running on ...

Unusual WCF Security Scenario

Hi guys, I am faced with a WCF security scenario that isn't particularly well documented online. I am developing a product licensing service in WCF that will be deployed along with our software (i.e. the service is running on the same PC as the client). This licensing service will be responsible for a number of things related to cont...

WCF - Validation of the Service to the Client

Hi there, Imagine a self hosted WCF service, and a client that connects via a proxy. Is it possible to implement custom validation of service credentials from within the client? i.e. Is it possible to validate the custom service user name and password? It's very easy to set up custom validation of client credentials in a service host ...

WCF Security Concerns

First of all, sorry for the dummy question. Couldn't find any straight answer on the internet. I'm new to WCF (and using services in general) and would like to get some information about my security concerns. Suppose I have an open source web application written under .Net which has a WCF Service to change the site users' profile data in...

The provided URI scheme 'https' is invalid; expected 'http Error Help

Hello, I set up a custom binding with http and https endpoints for my WCF webservice. However, when I attempt to call the https endpoint, I get the following The provided URI scheme 'https' is invalid; expected 'http Here are my two bindings <customBinding> <binding name="jsonpBinding"> <jsonpEncoding/> <...

login failed error when connecting to database from WCF service

Hi, I created a WCF service and one of its methods connects to database to perform some task. When I call the WCF service method from the client (website or console app), I get a login failed error ("login failed", login is from an untrusted domain"). I can connect to the database from the website successfully, but when I do the same b...

Custom IdentityVerifier with BasicHttpBinding

Hi there, I want to implement a custom identity validator in my client for my WCF service, however I want to use BasicHTTPBinding. Can anyone tell me where I set my IdentityVerifier? The only examples I have seen extract a type of SecurityBindingElement from a secure binding (i.e. WsHttpBinding) and set the IdentityVerifier on that, b...

Display service's certificate in WCF client?

I've got a WCF client and service. The service is configured to use a certificate for encryption. This is all working fine. We're using self-signed certificates for testing. Except that one of my QA guys has deleted the certificate from his client PC and he can still connect to the service. This leads to my question: In Internet Explo...

WCF client can still connect after deleting service's certificate

I've got a WCF client and service. The service is configured to use a certificate for encryption. This is all working fine. We're using self-signed certificates for testing. Except that one of my QA guys has deleted the certificate from his client PC and he can still connect to the service. I've looked in CERTMGR.MSC and I can't see an...

How to use current datetime for FindByTimeValid value in WCF ServiceCertificate config

Hi, how do I use the current date & time as the value for the findValue attribute in the ServiceCertificate config when using "FindByTimeValid" for the x509FindType? Using DateTime.Now as below obviously doesn't work but neither does "2010-10-20 14:35:28Z". I have two certificates on the server with the same details as one of them has expired...

WCF wsHttp binding, for clientCredentialType should I use Basic or Windows?

Hello, I have several WCF wsHttp services using Transport security over an SSL connection. Presently I use "Windows" for the clientCredentialType and all has worked fine with the exception of one scenario where my e-commerce site (its own SSL) had a problem communicating with the other server via SSL and I had to create a separate service ...

Best Approach for Generic Authentication Framework

Hi, we have got multiple applications that use different ways of authentication to authenticate users. Almost all applications are developed in WPF but there are a few applications which are developed in ASP.NET and Silverlight. Our ultimate goal is that every application that we have developed already and those we develop in future will use a ...

WCF and AIR/Flex 4 security

Dear All! In a current project we are hosting a WCF 3.5 service on IIS7 and expose the methods through basicHttpBinding to an Adobe AIR/Flex4-client. Luckily Flash Builder 4 has integrated support for SOAP, so that a service-proxy can be generated easily. Unfortunately, we are not able to find any elegant solution to enable username au...

SecurityAccessDenied exception while accessing WCF service in IssuedTokenOverTransport authentication mode

I have a WCF service hosted in my local IIS and I'm trying to access it from my Windows application. The binding uses the authentication mode 'IssuedTokenOverTransport'. I have another service hosted in the same IIS which issues a SAML token. Windows application first calls this service, takes the SAML token issued by this service and...

WCF Transport Security with SSL and Thread information

Hello all, I have a question about the above topic. I have a WCF service and use the Transport security model for it. But there is some mechanism related to the Thread state that I can't understand. In the constructor of my service I tried to set the Thread.CurrentPrincipal but at the beginning of a called method of my service the Thread.Curren...

WCF, ASP.NET Compatibility Mode and custom authentication using membership providers

Hello all, I need help with the following :) To begin with, I work on a large application that has a WinForms client and server. The server in our case is a set of WCF services. There is one service that is responsible for authentication of users. The logic of authentication is custom and complex and authentication service uses different memb...

Windows Service Security

Hi, I have a Windows Service (not a webservice) and I need to provide some security, i.e. only authorised users run methods of the service. Is it possible to use certificates like you can do for webservices? Can anyone describe the process of how one would go about doing this? Thanks! ...

How to call WCF service from .NET class library

I have a WCF web service built in .NET 4.0 that is configured to require a username/password on each call and uses a Server certificate in the behaviour to encrypt the request. It currently uses wsHttpBinding. I have a .NET 4 utility app that lets me call the methods on this WCF web service just fine. I need to call this service from a ...

How can I protect and test security of a WCF service?

Hi, how can I protect my WCF service and how can I test its security? For example, I do not want to allow people who know the WCF service URL to invoke it and pass parameters to get database information. Later, should I create a C# console program to invoke this WCF service in order to test if an invalid visitor really can't access d...

Why use a trusted certificate for WCF message security?

What is the advantage of using a trusted certificate instead of self-signed for message security in WCF? As far as I understand, it's only used for encryption, not really validating the identity. ...