I'm reviewing an applications WCF security, and one of the bindings is a custom binding to achieve compression. The other bindings are standard wshttpBindings using message level encryption using a server certificate. Custom binding <customBinding> <binding name="Elements.Foundation.CustomHttpCompression"> <security authentic...
Hi, I need to access the EndPoint on a service before UserNamePassword valdiation is done. I am having a custom usernamepasswordvalidator. Before this authentication i need to access the endpoint. I tried implementing messageinspector,iservicehbevaior etc but all of them seems to be hit only after UserNamePassword validation. Is there a...
I have a Self-Hosted (Console App) WCF REST service with the following binding: WebMessageEncodingBindingElement HttpsTransportBindingElement (ManualAddressing=true, KeepAliveEnabled=true, AllowCookies=false, HostNameComparisonMode=Exact) This is exposed over an HTTPS URL ("https://mylaptop/myendpoint") I have a self-signed certific...
Hi there, I need to protect my WCF web services and was thinking what is the best way of doing this. Its not really a ROLE / User situation - more of a "WHO CAN CALL THE WEB SERVICE". I was thinking that i could use an IP? Is this the recommended way? Anybody have any experience with this, I was thinking of have a table (sql) with all...
I want to use SSL using security mode = transport. Can I use it with following settings in my web config <bindings> <wsHttpBinding> <binding name="wsHttpEndpointBinding"> <security mode="Transport"> <transport clientCredentialType="Windows" /> </security> </binding> </wsHttpBi...
I have a WCF service which can run as Console App and a Windows Service. I have recently copied the console app up to a W2K3 server with the following security settings: <wsHttpBinding> <binding name="ServiceBinding_Security" transactionFlow="true" > <security mode="TransportWithMessageCredential" > <message clientCredentialType=...
We are creating a WCF service with a companion client DLL (.Net) that we will be delivering to a user's GAC via a web page. The DLL knows how to communicate with and how to interface with the service, and will allow the web page to communicate with the WCF service via client-side Javascript calls. The user's machine will be executing the...
I have a application where the validation is done in the web server side (in the page). and the control is passed to the sl client. The SL client makes call to the ado.net data services for its query and wcf service for writing to the DB. How should I handle the security of the ado.net data services? I use http://programmerpayback.com/2...
Background: I have a WCF service deployed on my local machine that in turns connects to the SQL Server 2005 database. To consume the service, I have a client application that dynamically creates the service client to consume the methods exposed in wcf service. Configuration: OS: Windows XP IIS : 5.1 Problem When I run client FIRST...
Basically my requirement is: WCF Service Application Hosted on IIS 7.0 with Partial Trust Endpoint exposed with BasicHttpBinding Would like to enable basic Authentication (UserName / Password) Would like to use ASP.NET membership for User Authentication I don't want to setup SSL I have seen some tutorials but they are talking about f...
For a distributed production client-server WCF application (self-hosted as a Windows Service with NetTcpBinding), I am adding logic to add expception to Windows Firewall during the installation via netsh command. I have noticed that the remote communication seems to work fine whether the firewall exception is for the program (the execut...
Hi Does anyone recognise this error? The SecurityContextSecurityToken with context-id=urn:uuid:xxx (key generation-id=) is not registered It has suddenly appeared in the service trace log of my WCF service. We had a Windows service successfully transmitting data into the WCF service for a day until it broke. The error manifests when t...
Hi, We hosted WCF services with basicHttpBinding on server side, <bindings> <basicHttpBinding> <binding name="BasicHttpEndpointBinding" > <security mode="TransportCredentialOnly"> <transport clientCredentialType="basic" /> </security> </binding>...
I have a Web Service, Now I want to implement security model for that, Can you suggest me some tutorials which talks about implementing security on service and also on client. i tried OAUTH but there is not much implementation details about Service, tough Client implementation details are present in few blogs. Please Point me to some re...
I wrote a custom WCF binding a while back to allow my load balanced farm to host services via IIS. The reason for the custom binding was that each server didn't have SSL but needed the ability to accept a client credential of username + password. The proxy in front of this farm has SSL so the traffic would be encrypted outside the fire...
I have a WCF service using the basicHTTP binding. The service will be targeted to be deployed in production in a DMZ environment on a Windows Server 2008 64 bit running IIS 7.0 and is not in an Active Directory domain. The service will be accessed by a business partner over the Internet with SSL protection. Originally, I had built the ...
Hi How can i generate temporary certification in windows xp sp3 for IIS 5.1 for hosting WCF services with basicHttpBinding in https? Will it be valid for testing in https evironment locally? thanks nRk ...
Hi all What's the best way to implement Session Handling in a WCF Service if the client that is using the service is not a WCF client but a Java client ? Is it possible to use the integrated Service model? Thank you! Dominik ...
I have a WPF client that connects to a set of WCF web services. We have a Dev, Test, Volume and Production domains, with the services available on a server in each domain. The domains do not have trust relationships. The goal is to have the client connect the the services of any other domain. If the client and server are on the same dom...
Hi, I have created a RESTful Service and implemented the Authentication. It accepts username and password and then grants access to the service requested. It Works fine. Now I want to use SSL on top of my Service. For this I Created Certificate, Then In IIS I gave the required settings. But my service is not working. I am using webHttp...