
I am attempting to use the Azure service bus relay to expose a WCF service to users outside of the company network.

I have succeeded to some extent, but in order to prove that the communication works I have had to remove all of the custom username and password authentication implemented on the WCF service.

I have been googling and reading around the topic for a while and believe that the NetTcpRelaySecurity mode is where I need to make changes - from Transport to TransportWithMessageCredential (because this is what the client and service use within the network).

So, how do I change this setting in the configuration file? I cannot find any examples so far.

Also, am I going about this the right way? Can I pass through username and password client credentials from an external client application to a WCF service through the service bus?

Lewray

1 Answer


You are right, there are not many sample configurations out there. Here’s something that you can try for the configuration.

NetTcpRelayBinding Constructor (EndToEndSecurityMode, RelayClientAuthenticationType)

EndToEndSecurityMode has the following enumerations.

    Member name                       Description
    None                              Security is disabled.
    Transport                         Security is provided using a transport security, typically SSL.
    Message                           Security is provided using SOAP message security.
    TransportWithMessageCredential    A secure transport (for example, HTTPS) provides integrity, confidentiality, and authentication while SOAP message security provides client authentication.

RelayClientAuthentication has the below enumerations.

    Member name         Description
    RelayAccessToken    If specified by a listener, the client is required to provide a security token. 
    None                If specified by a listener, the client will not be required to provide a security token. This represents an opt-out mechanism with which listeners can waive the Access Control protection on the endpoint.

The closest configuration example I’ve seen is -
http://msdn.microsoft.com/en-us/library/windowsazure/microsoft.servicebus.nettcprelaybinding.aspx

<bindings>
  <!-- Application Binding -->
  <netTcpRelayBinding>
    <binding name="customBinding">
      <!-- Turn off client authentication -->
      <security relayClientAuthenticationType="None" />
    </binding>
  </netTcpRelayBinding>
</bindings>

Here’s an example that you can use:

<bindings>
  <!-- Application Binding -->
  <netTcpRelayBinding>
    <binding name="customBinding">
      <!-- Turn off client authentication -->
      <security endToEndSecurityMode="TransportWithMessageCredential" relayClientAuthenticationType="None" />
    </binding>
  </netTcpRelayBinding>
</bindings>

However, you have to be sure that the Service Bus binding extension elements are added in the machine.config or application configuration file in order to use it. If not, in any case Visual Studio will throw the error for you.

The end-to-end security from client to service is not service bus specific but just standard WCF. The only thing the SB needs is relayClientAuthenticationType below.

<security mode=""  relayClientAuthenticationType="RelayAccessToken">

The setup of security for NetTcpRelayBinding should be similar to NetTcpBinding. You could use NetTcpBinding samples as a starting point.

Tom
  • Thanks for the response. I have tried your example and am faced with an error which says that "endToEndSecurityMode" is an unrecognised attribute. I have the Service Bus binding extension elements which are auto generated when adding the reference to Microsoft.ServiceBus so netTcpRelayBinding does not cause an error, but perhaps I need to add additional ones? – Lewray Apr 19 '12 at 14:34
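
The binding discussed in this thread, written with the `mode` attribute that the answer's last snippet uses (an added example, not from either poster). It keeps relay access-token checks on and carries the username and password in the SOAP message; the names `relayUserName` and `relayService` and the validator type `Contoso.Relay.CustomValidator, Contoso.Relay` are hypothetical, and the Service Bus binding extensions and the relay token configuration are assumed to exist elsewhere in the file.

```xml
<system.serviceModel>
  <bindings>
    <netTcpRelayBinding>
      <binding name="relayUserName">
        <!-- mode takes an EndToEndSecurityMode value.
             RelayAccessToken keeps relay access control on for clients. -->
        <security mode="TransportWithMessageCredential"
                  relayClientAuthenticationType="RelayAccessToken">
          <!-- Client authenticates to the service with a username/password
               carried in the SOAP message -->
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </netTcpRelayBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="relayService">
        <serviceCredentials>
          <!-- Standard WCF: route username/password checks to a custom
               UserNamePasswordValidator (type name is hypothetical) -->
          <userNameAuthentication
              userNamePasswordValidationMode="Custom"
              customUserNamePasswordValidatorType="Contoso.Relay.CustomValidator, Contoso.Relay" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```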