wcf-security

What is message wrapping in WCF

In WCF Messsage contract we have IsWrapped atribute and wrappername, wrappernamespace attribute Question? What is Message wrapping What are the advantages of wrapping messages Is it secure to wrap the messages. ...

Keep MEX binding insecure while securing HTTP binding w/ UsernamePasswordValidator?

We're using UsernamePasswordValidator along with a certificate to secure access to our WCF services. However, the custom authorization policies we're using are SERVICE behaviors, not endpoint behaviors, so they apply to all endpoints, including the MEX endpoint. We'd like to be able to go and grab the service references using visual st...

WCF Service Tier - Use delegation to pass users identity across physical bounderies - how do you do this for Novell?

I have a WCF n-tier solution. When used in a Microsoft AD shop i can specify a domain account in AD that can use delegation so when i run the WCF servics under that account i can pass the users logged in identity across physical bounderies and to the ultimate destination - is this possible to do in a Novell shop? Does Novell offer a si...

Passing FormsAuthentication cookie to a WCF service

Hi, I have a website that talks to a remote WCF web service. Both use the same custom FormsAuthentication Provider. I would like to authenticate with the WCF service impersonating the user currently logged in the site. I already did this manually, using UserName client credentials but I need to know the user password. So, what works so f...

WCF - Cannot Find the x.509 Certificate Using the Following Search Criteria

Ok, I have seen several questions related to this issue, and I have tried a lot of the ideas presented in them with no success. Here's my situation: I'm hitting a web service over my company's intranet. I have used svcutil.exe to generate the client class for WCF. I was able to run the web service call with no problem when the service w...

Pattern for WCF Kerberos Clients where Server uses User Account

We have a WCF (Windows Communication Foundation) client and service application. We're using Windows Authentication with Kerberos. The issue is that the service may be run under one of many accounts (maybe Network Service, maybe a specific user account -- depends on the IT group). This account is not not likely to change daily, but ...

WCF Client Using Certificate and Username/Password credentials?

I am consuming a web service internal to my company from ASP.NET. I've used svcutil.exe to connect to the service and generate the bindings and classes from the wsdl. I am able to connect to the dev version, which does not require authentication. Now we are adding in security. My new URI uses https but also requires user credentials. I...

Security configuration when using custom binding in WCF

Hello, I'm about to port an application to silverlight. Until now my client application talked to the server using netTcpBinding. However Silverlight doesn't support that, and I found out that they recommend to use a custom binding instead. I'd like to know wether I need to configure the binding in a special way regarding security. My...

How to inject an object into a WCF validator class

Following up on using dependency injection for WCF services, is there any way of using DI for WCF validators, so that one could do this: public class DIValidator : UserNamePasswordValidator { private readonly IService service; [Inject] public DIValidator(IService service) { this.service = service; } pub...

Is WCF Username Authentication without Transport Security a security risk?

I am trying to use username message security in WCF. I am trying to find out if using transport credential type of None/Anonymous will pose a definite security risk. My concern is with the initial exchange where binary data is tunneled through using the WS-trust specification (TLS negotiation). Will this attempt to authenticate my user...

How to authenticate client while consuming the WCF web service ?

I want to authenticate a client while consuming a Web service. I see a property exposed in the Client called ClientCredential in which we can pass username and password. How can I pass this information to my WCF web service and how can i authenticate the user ID and password? ...

What is the difference between WCF Service application and WCF Service library?

Hi, I am developing WCF web service and I used WCF Service application to do that.Is that creating "WCF Service application" fulfill this requirement. and above all what are the advantage of creating WCF Service Library over WCF Service application? ...

accessing WCF service through URL

I have a WCF service ( Let's say WCFService1 ) is deployed on two remote machines. Since the same service is deployed on two different machines they have common interface and common methods exposed. WCFService1 is deployed on Machine1 and Machine2. To consume WCF service from client machine, I have created a client app: I have added ...

Problems with WCF authenication

I have a very simple WCF service that I would like to expose publicly. I created the service and set it up over our server without much hassle. The problem is that we are able to use the service from within our private network, but when we attempt to use it from outside the network, the following error is throw: “The Security Support ...

WCF Proxy and userPrincipalName

We have a rather large application my team and I are developing that contains a number of WCF NetTCP-based services. The Windows service this system will be running under won't be a local account, but instead a standard domain user (with admin privileges on the servers hosting the service). In the middle of testing connectivity I ran int...

Impersonate FormsAuthenticated user in HttpHandler for WCF call

I'm using HttpHandlers to generate PDF report files "on-the-fly" using the authenticated user context. However, to create the report PDF file I need to call a method on a secure WCF service with the context of the caller (the authenticated user). I saw plenty of answers for the Windows authentication but I'm using plain old Forms authen...

How to prevent others from adding the service reference of the hosted wcf service?

If i am hosting a WCF service so that someone(i.e someone whom i know) can consume my service, but what if someone else(i.e someone whom i don't know) consumes it then would do i? How do i prevent that?How can this be achieved? Can it be done through service throttling or what are the other ways of achieving this? ...

WCF Exception - The 'Body', 'http://www.w3.org/2003/05/soap-envelope' required message part was not signed. Issue

I'm running a WCF client locally that always throws a MessageSecurityException with the text: "An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail." The Inner Exception Message Is: "An error occurred when verifying security for the message" I set up a ...

WCF and Kerberos Authentication

I have followed numerous msdn articles and the codeplex guidance but cannot get WCF to work with Kerberos authentication and delegation and would appreciate a little help. Setup I have the WCF service in an IIS website on a remote machine IIS 6.0 on Windows 2003 R2 - SP 2 The SPN for the machine has been added (http/myserver && http/...

WCF Certificate Authentication without installing on the Client

Hi All, Our setup includes a WCF service and a number of clients written by us. Some of the clients include Silverlight applications, whereas others include Web and Windows applications. I (think) I would like to authenticate clients based on X.509 certificates. Typically you would install a private key on the client to encrypt (aka ...