I am consuming a Java Web Service as a WCF service from .NET. The service has an HTTPS endpoint and requires the message to be signed with a client certificate. I have set up WCF tracing and with the Service Trace Viewer I can confirm that the request is signed and sent off as expected and a valid response is returned from the service....
I have a little application I build that monitors tickets submitted. It basically just sits there in the corner and notifies when new tickets arrive. I need to get the persons username who is logged into the computer to pull their tickets. I tried searching, but I think I'm using the wrong terminology as I couldn't really find anythi...
Hello, Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only BasicHttpBinding-binding? (I can’t use the wsHttpBinding-binding) The site is hosted on IIS 7, with the following authentication set up: - Anonymous access: off - Basic authentication: on - Integrated Windows authentication: off !...
I have created WCF and I have used wsHttpBinding and MTOM as message transport with authentcation as "Windows". Now my service is not current SECURE, its plain HTTP, running on custom port. Is Windows Authentication of WCF's wsHttpBinding secure? can anyone see the password or guess through network trace? Environment Information: H...
Is there any way to pull information about which client certificate was used inside of my web service method when using <security mode="Transport>? I sifted through OperationContext.Current but couldn't find anything obvious. My server configuration is as follows: <basicHttpBinding> <binding name="SecuredBasicBindingCert"> ...
I have a client app that makes calls to a WCF service. This app is on a public computer that's easily accessible and anyone can easily copy the .EXE and .CONFIG of my app into another machine and start using it. Is there a pattern where I can check if the request is coming only from an app on a computer I installed it on and not on one ...
Hi, I have WCF service accessible over Internet which uses wsHttpBinding with message security mode and username client credentials. <bindings> <wsHttpBinding> <binding name="wsHttpEndpointBinding" messageEncoding="Mtom" maxReceivedMessageSize="104857600"> <readerQuotas maxArrayLength="104857600"/> <s...
I have a WCF service self hosted in a console application. I need to use a custom username and password validator (I wrote a class that inherits from UserNamePasswordValidator for this purpose). I need to use http (not https). Which is the right configuration (in term of type of binding, security mode) for setting up this configuration ?...
can i implement a custom claim authorization policy for self hosted WCF service (in windows service) without the need for iis installation? what is the configuration i need for that. is there is any other way to manage authorization outside of WCF service with custom class (as i dont want to interfere the code with authorization checks)...
Is it possible to configure a WCF service to use sessions, and also not to require the client to send any credentials? If so, how should the bindings section of the service's App.config file look? ...
Hi, I'm getting what appears now to be a security error in my WCF Service. Originally my error was about a falted state(removed using around client proxy to clear this error), but have found more information through enabling trace. I have been unable to get my solution running after encountering this error, and even my backup copy now...
I have a WCF application hosted on IIS 6 that needs to Have 2-way SSL authentication Validate client certificate content with some client host information Validate client certificate is issued by the valid subCA. I was able to do 1) successfully. I am trying to achieve 2) and 3) by following this - basically creating a class that in...
I have tried every combination to allow unauthenticated access to WCF as in "Local System" accounts, in IIS without success. Here is what I've most recently tried: wsHttpBinding with Message security and mode set to "None". IIS anonymous access enabled, all others disabled, folder level access at default (but granted read access to "Use...
The current situation is as follows: We have an production .net 3.5 WCF service, used by several applications throughout the organization, over wsHttpBinding or netTcpBinding. User authentication is being done on the Transport level, using Windows integrated security. This service has a method Foo(string parameter), which can only be cal...
What are the best soup-to-nuts learning resources to get up to speed on WCF security? Most WCF tutorials don't bother with security and use basicHttpBinding however, what I'm doing needs to be industrial strength. I need to learn how to minimize the size of messages on the wire encrypt messages on the wire so they can't be sniffed and...
Hello All In a Project being upgraded I have to Consume a WCF service ( Service A) published by 3rd party ( no Control) in my WCF Service. I have been using ServiceA in My Web App project ( vs2008) and it has been working fine. I started by Adding Service Reference in my WCF Project ( ServiceB). Lets say Name of the Service is "XYZ"...
I have a WCF Service hosted on a server with Real IP but no domain name. Clients are .NET desktop applications. I need to encrypt the data going back and force between the clients and the server. How can I do that? I understand that Certificates required for the SSL connection need a domain name. is this accurate? What options do I have?...
Hello all, I have the following scenario: Multiple users (< 100) User accounts in AD (under different groups) Every group in AD corresponds to a internal department; each department have at least one supervisor (One may say) We have cross-supervisioning (there are supervisor roles appliable to group of groups, i.e., there may be one s...
Hi, I have WCF service that uses wsHttpBinding and authentication with certificate. I run this service on multiple machines and my firewall routes the request to the different servers. The problem is when the client open proxy and works with one server and on the next call the firewall routes the request to another server I get an exc...
I have a secure WCF service with custom authentication. When I am stress testing it - having a few dozens of clients connect at the same time, I often get the following exception in my server-side logs: System.ServiceModel.FaultException: Access is denied. at System.ServiceModel.Dispatcher.AuthorizationBehavior.Authorize(MessageRpc& ...