Hello,
I have been tasked to implement a WCF service that makes use of NetMsmqBinding. I wrote the service and it works fine. The problem is that in the last minute they told me that there will be no Active Directory integration. So I don't know how to configure the security of the service. There is a VPN tunnel between the service's and the client's machines but they do not use the same active directory. Please advice. Any kind of help or tutorials would be appreciated.
views:
718answers:
5You should be able to take advantage of network transparency.
Use webservices to communicate from one system to the other. You might have to deal with extra latency, but it should still be usable.
The problem is that the service is not always online. That is why using WCF over MSMQ is preferred for this scenario. So I am sending one way messages through MSMQ - which works fine. My only problem is that I am new to WCF and am not familiar with WCF security. I would like to be able to sign and encrypt the messages since the information to be sent to the service is confidential. I would like to make sure that only authorized clients call the service. Any suggestions?
Well first, you can use WCF's security, the WS-* stuff. Some info here:
Second, you might find this blog to be helpful:
One of the articles there about cross-domain sending mentions this article (Cross-Enterprise Support):
Which might help you configure it in general.
Thank you, Michael, but this information wasn't helpful...
I found this: http://www.codeplex.com/WCFSecurityGuide/Release/ProjectReleases.aspx?ReleaseId=14070 - a book from "Microsoft Pattern & Practices" which describes in detail the security in WCF - a must-read for every WCF developer.
I'm not sure I understand your question so correct me, if I'm wrong. I have recently been woring on a WCF service that was hosted on a computer with no Active Directory available. We secured it using certificates. Is it an option for you? It's pretty painless (if you get past the 'put the certificate in the store and give the correct user access to it' part).