wcf-security

How to programmatically turn off security in WCF

I've been working with WCF the last two days and it was going very well with the server and client both on my development machine. Now that I am trying to do some distributed testing with the client on another machine on the network I've started running into problems. Right now the error I am getting is: The message with Action 'ht...

Trouble using IAuthorizationPolicy with WCF and Castle-Windsor

I'm currently using Castle-Windsor with the WCF Facility to inject all my WCF services. I've just started adding permission requirements using a custom IAuthorizationPolicy, which seems to work when done on a per-method basis on the service, but when the service class itself is marked up with the requirements, I get an exception thrown. ...

How to authenticate in WCF services in BasicHttpBinding?

Hi, I am developing WCF services with basicHttpBinding, these services should be accessible using .net 1.1 & .net 2.0, for this purpose I am using basicHttpBinding. In old ASMX web services I assed one Soap Header (AuthHeader) to authenticate the user every request.How Can I authenticate in WCF using basicHttpBinding? Any sample Or tuto...

Problem accessing WCF service when hosted in IIS

I have a problem accessing WCF service that I added for my silverlight project. Here is what I did Created the silverlight project and enabled the project's default web setting to use "Use local IIS web server". Then I added a WCF enabled web service (Service1.svc) in the web project. This created the service with the default custom bi...

WCF Security Transport Security Questions

I'm writing a set of WCF services that rely on transport security with Windows Authentication using the trusted subsystem model. However, I want to perform authorization based on the original client user that initiated the request (e.g. a user from a website with a username/password). I'm planning to achieve this by adding the original...

What is the best way to implement authentication in a WCF service on an enterprise architecture?

I'm relatively new to WCF and would like some opinions on what's the best (or most correct) way to implement authentication on an application that exposes its' business layer operations through WCF? Is a token supposed to be passed, encripted username/password and verified each time...or what? Also any links would be appreciated. Tha...

WCF security with AD functional groups

I have a WCF service running as a Windows service on intranet and I need to check that users accessing the service belong to certain AD functional groups. That is quite straightforward. I can call a method decorated with [OperationContract] that does that. However, can I enforce this check is performed each time the service is instantiat...

How are RESTful WCF services secured so that only the calling application can call them?

I have an application that uses Silverlight and ASP.NET as a front-end. It retrieves data from the server by calling some RESTful WCF services that are hosted there. I'd like to prevent the curious user from opening up a new browser window and calling the web service themselves. Is there a way to restrict access to the web services to a ...

Identity of thread in self hosted WCF service when called from Web Application

I have a Windows Service that is self hosting a Wcf service, this Wcf service has a tcpBinding with default settings. The Windows service is running as LocalSystem. The Wcf Service is referenced (default settings) by a Web application that is running in IIS 7.5 integrated pipeline within it's own application pool with its own identity. ...

WCF conversion of larger system Multiple Inputs?

I have many apps currently using a DAL we wrote. I am attempting to reconstruct these app biz layers within a WCF. I have to pass back to the mainframe watchdog a security token for each of our bizz apps. Would I make numerous WCF Front ends, exposed on web server, to have them tie back to the proper "service" dll for processing? H...

WCF Error "This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case"

Hello, I'm having a problem using a WCF call from a Windows service to my WCF service running on my web server. This call has been working for a number of weeks, but then stopped working all of a sudden, and has not worked since. The exception I'm getting is: "General Error Occurred System.ServiceModel.CommunicationException: An erro...

Web Services only connecting to Trusted Devices

I am on a project that uses web services to communicate with hand held devices (Symbol MC70s running windows mobile 5). We need to make sure that others on the internet can't connect to the web services and start sending info. I have made a certificate so that the hand held will only connect to my services, but I don't know how to make...

Access web.config settings using WCF Impersonation with net.tcp binding

I'm trying to use impersonation with my WCF service (using net.tcp binding) hosted in IIS 7. I've got to the point where it's impersonating the client but whenever I try to access any configuration settings in the web.config using Settings.Default.SomeSetting it throws a SettingsPropertyNotFoundException. Is this because IIS is running u...

practical security ramifications of increasing WCF clock skew to more than an hour

I have written a WCF service that returns 'semi-private' data concerning peoples name, addresses and phone numbers. By semi-private, I mean that there is a username and password to access the data, and the data is meant to be secured in transit. However, IMHO noone is going to expend any energy trying to obtain the data, as it is mostly ...

Architechture of service application in WCF

I need some help with the architechture of a WCF application. The will be a number of services that should be available to serve a number of different clients, e.g. ASP.Net application (JavaScript and/or Silverlight) iPhone Windows Mobile Android Some of the services need authentication and some will be available w/o authentication. ...

How to provide PIN to access smartcard programmatically?

I'm using certificates to secure my communications between client and server (no code, just endpoint configuration). Certificates are currently stored in ACOS5 smart cards. Everything works very well except that every time when WCF creates a new channel to access the server, the ACOS5 driver asks user to enter “User PIN”. Unfortunately, ...

FoxPro oledb driver wont allow writes accross servers (WCF)

Ok we have a WCF service running on one machine on IIS6 + server2003 r2 this service needs to write and read to/from a fox pro database that is located on another machine on the network - windows 2003 (probably r2). After playing with permissions (both on the fox pro file and impersonation in WCF) we have finally managed to read from i...

WCF membership provider versus custom service authorization manager w. custom username validator

I am quite new to WCF and I am trying to setup services and have received two different advice: Use a the built in authentication service with a membership provider (http://msdn.microsoft.com/en-us/library/bb398990(VS.100).aspx) (http://stackoverflow.com/questions/2077854/custom-usernamepasswordvalidator-with-silverlight-3-0). Use a c...

How to save user object in WCF

Hi I have a service that uses a custom "UserNamePasswordValidator" and need to save the validated user object to be able to retrieve it later in the service. How can I do this? Or how can I access the credentials of the user later in the service? /Viktor ...

How to connect Java client to WCF service using clientCredentialType="Basic"

Hi, I have to connect from a Java client to a WCF Web Service which has the following binding configuration: <basicHttpBinding> <binding name="basicHttpBindingSecurity"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> I'...