Stack Overflow
Stack Overflow

Questions tagged [wcf-security]

Questions related to the authentication and authorization services for Windows Communication Foundation (WCF) applications

Windows Communication Foundation is Microsoft's implementation of the WS-* web service specifications. Its security functionality mainly deals with authentication, authorization and secure over-the-wire transmission of user credentials.

When setting up WCF Security for an application, the following parameters need to be configured:

  • The type of credential required, e.g. NTLM, plaintext, or certificate authentication
  • The security mode: transport mode (e.g. SSL), message mode (SOAP message security), or a combination of both
  • Which endpoint(s) are protected

Once a client successfully connects to an endpoint protected with WCF Security, the server application can examine the security context to determine the identity of the client and to determine its authorizations (which need to be configured separately).

1285 questions
14
votes
2 answers

Transport-level vs message-level security

I'm reading a book on WCF and author debates about pros of using message-level security over using transport-level security. Anyways, I can't find any logic in author's arguments One limitation of transport security is that it relies on every …
user437291
  • 4,561
  • 7
  • 37
  • 53
14
votes
1 answer

OAuth 2.0 integrated with REST WCF Service application

I need help with integrating an Authentication layer OAuth2.0 with a REST Service using VS 2012 WCF Service application template in C#. This WCF needs to issue tokens for the authorization and authentication of the service before allowing the…
Reha
  • 185
  • 2
  • 7
13
votes
6 answers

Securing WCF service using basicHttpBinding which supports streaming

My question is in regards to the best (aka "least painful") way to secure access to a WCF service that is only exposed to our company's internal users. The goal is to ensure that the service is only accessed via a single Windows forms application…
Steve Dignan
  • 8,230
  • 6
  • 30
  • 34
13
votes
2 answers

How to use System.IdentityModel in own client-server application

I've got a simple client-server application based on TcpClient/TcpListener and SslStream. Clients can authenticate themselves to the server using a X509Certificate or by sending a user name and password after the SslStream has been established. WCF…
dtb
  • 213,145
  • 36
  • 401
  • 431
13
votes
1 answer

Determine the TLS/SSL version on the service side of a .Net WCF web service

I am running a .Net WCF web service which handles several different request SOAP messages and which is hosted under IIS (version 7). In the case that transport security is used (https) for the web service endpoint, how can i determine the used…
Karel
  • 131
  • 1
  • 3
13
votes
3 answers

How to create self-signed certificate programmatically for WCF service?

I have a self-hosted WCF server running as a Windows service under the Local System account. I am trying to create a self-signed certificate programmatically in c# for use with a net.tcp endpoint using Message level security. I am using the…
MarkR
  • 215
  • 3
  • 10
12
votes
5 answers

soapUI With WCF Message Security

I am trying to configure my WCF (.NET 4.0) service so that it can be tested using soapUI. I am using wsHttpBinding with message security. My goal is to expose the service on a public test endpoint and try to load-test it with loadUI which uses…
Milen
  • 121
  • 1
  • 1
  • 3
12
votes
1 answer

ClientMessageInspector add BinarySecurityToken and Signature

I'm trying to consume Java Web Service using C# in desktop application. My first attempt was using WebServicesClientProtocol, but I'm not able to add necessary attribute that is required by WSSE Username and Token Security Spec 1.1 I need to create…
Misiu
  • 4,738
  • 21
  • 94
  • 198
11
votes
3 answers

Configure WCF service client with certificate authentication programmatically

How do i setup a ServiceClient using Certificate authentication programmatically in c#? And i don't want to use .config. using(var srv = GetServiceInstance()) { srv.DoStuff() } private TheServiceClient…
espvar
  • 1,045
  • 5
  • 16
  • 28
11
votes
0 answers

The request was aborted: Could not create SSL/TLS secure channel - Decrypt returned SEC_I_RENEGOTIATE

Our application consumes a web service in C# (.Net framework 3.5). Getting the correct response from the server most of the time, but it is intermittently throwing an error: The request was aborted: Could not create SSL/TLS secure channel. Having…
user1124965
  • 111
  • 1
  • 3
11
votes
2 answers

One way SSL is one way encryption?

If one way SSL is used (Server Certificate authentication) then data sent from client gets encrypted using Public key of the server certificate. So privacy protection is available for data sent from client. My questions are Does this mean that in…
ideafountain
  • 276
  • 2
  • 3
  • 7
11
votes
2 answers

Creating Headers (wsse) Section of WCF Client Programmatically in C#

how do make a the following section of Service Settings of app.config in C# programmatically:
user402186
  • 489
  • 2
  • 7
  • 17
11
votes
4 answers

Open Source Alternatives to WCF

Could you tell me the open source alternatives to WCF?? I'm a newbie and just started using WCF. I wanted to know about the alternatives that are open source too. Also, what makes them better options/not so good compared to WCF. Thanks, Thothathri
wittythotha
  • 3,956
  • 4
  • 19
  • 18
11
votes
2 answers

WCF sessions with a wsHttpBinding and without windows security

I need to create a WCF service that is hosted in IIS, uses http transport and hold state in the server’s memory. While I’m aware that stateful services aren't a good idea, this last constrain is necessary to make the service work with a legacy…
Robert
  • 6,407
  • 2
  • 34
  • 41
11
votes
3 answers

What purpose does the WCF client-specified "userPrincipalName" serve?

I've created a WCF service with a wsHttpBinding and Message security. Then I added a service reference which resulted in the client's config file being updated with this:
Brent Arias
  • 29,277
  • 40
  • 133
  • 234
1 2
3
85 86