Stack Overflow
Stack Overflow

Questions tagged [wcf-security]

Questions related to the authentication and authorization services for Windows Communication Foundation (WCF) applications

Windows Communication Foundation is Microsoft's implementation of the WS-* web service specifications. Its security functionality mainly deals with authentication, authorization and secure over-the-wire transmission of user credentials.

When setting up WCF Security for an application, the following parameters need to be configured:

  • The type of credential required, e.g. NTLM, plaintext, or certificate authentication
  • The security mode: transport mode (e.g. SSL), message mode (SOAP message security), or a combination of both
  • Which endpoint(s) are protected

Once a client successfully connects to an endpoint protected with WCF Security, the server application can examine the security context to determine the identity of the client and to determine its authorizations (which need to be configured separately).

1285 questions
0
votes
1 answer

.NET Disable inbound that are not TLS1.2

I developed an WCF that can only be consumed with SecurityProtocol = SecurityProtocolType.Tls12 for clients PCI requirement. My question is, how can i check the security protocol used by the inbound (code in each method)? How to reject inbound…
pata
  • 959
  • 2
  • 18
  • 35
0
votes
1 answer

How to use current datetime for FindByTimeValid value in WCF ServiceCertificate config

How do I use current date & time as the value for the findValue attribute in the ServiceCertificate config when using "FindByTimeValid" for the x509FindType? Using DateTime.Now as below obiously doesn't work but neither does "2010-10-20 14:35:28Z".…
Keith K
  • 2,893
  • 4
  • 33
  • 43
0
votes
1 answer

WCF client can still connect after deleting service's certificate

I've got a WCF client and service. The service is configured to use a certificate for encryption. This is all working fine. We're using self-signed certificates for testing. Except that one of my QA guys has deleted the certificate from his client…
Roger Lipscombe
  • 89,048
  • 55
  • 235
  • 380
0
votes
1 answer

WCF service with siteminder protected c#

I am trying to consume WCF webserice which is siteminder protected. The issue is when I am trying to browse the webservice URL in browser it is working fine with the credential that I have supplied. But when I am trying to do the same…
Code's
  • 208
  • 2
  • 18
0
votes
2 answers

login failed error when connecting to database from WCF service

I created a WCF service and one of its methods connects to database to perform some task. when I call the WCF service method from the client (website or console app), I get a login failed error ("login failed", login is from an untrusted domain"). I…
RKP
  • 5,285
  • 22
  • 70
  • 111
0
votes
1 answer

WCF Customised user authentication

I would like to create a login for my WCF service (over the internet) where a username and password submitted by the client (Windows Forms app) is compared to a username and password pair on my SQL server, if the two agree, the user is…
Kafros
  • 166
  • 14
0
votes
2 answers

WCF Security Concerns

First of all, sorry for the dummy question. Couldn't find any straight answer on the internet. I'm new to WCF (and using services in general) and would like to get some information about my security concerns. Suppose I have an open source web…
Kamyar
  • 18,639
  • 9
  • 97
  • 171
0
votes
1 answer

WCF - Validation of the Service to the Client

Imagine a self hosted WCF service, and a client that connects via a proxy. Is it possible to implement custom validation of service credentials from within the client? i.e. Is it possible to validate the custom service user name and password? It's…
Chris Chambers
  • 11
  • 3
0
votes
1 answer

The provided URI scheme 'https' is invalid; expected 'http'. Parameter name--Immediate Help Needed

Hello I tried all the solutions provided in stack over flow. I am getting "The provided URI scheme 'https' is invalid; expected 'http'. Parameter name: via" error. Service is rumnning fine in IIS7 and i am getting this error when ever i try to…
Murali Gangineni
  • 83
  • 5
0
votes
1 answer

Mutual Authentication with Self-Hosted WCF Service

I'm looking into creating a WCF service that will connect to our Product Management system to provide/update product licensing information. It will be a self hosting service wrapped up in an NT service and I'm looking at ways to mutually…
Chris Chambers
  • 11
  • 3
0
votes
2 answers

ASP.NET, WCF: how can I authenticate a calling application? Not the user, the application itself

For a few reasons, the bunch I'm working for don't want to use certificates and don't like the idea of a service that can be accessed by anybody with a valid logon. My question is how can I authenticate an application as being an official…
Ultrahuman
  • 25
  • 1
  • 3
0
votes
1 answer

Why WCF windows authentication?

Why use Windows authentication for WCF service hosted on IIS, if I can limit accessing the IP range to be "localhost", Is there a security hole here. if not, then why Windows authentication is supported by WCF, sense I can restrict IPs for all…
Costa
  • 3,897
  • 13
  • 48
  • 81
0
votes
0 answers

How to access WCF service from asp.net?

We host WCF services and asp.net site on the same machine, both in IIS under Network Service account. Both sites have Anonymous and Windows authentication enabled. The service uses WsHttpBinding When we call the service from WCF Test Client…
Pavel Voronin
  • 13,503
  • 7
  • 71
  • 137
0
votes
1 answer

WCF configuration using kerberos fails on certain domains

I'm not exactly sure, this question is right here on stackoverflow... maybe it belongs to serverfault... anyhow, here it goes: We have server/client setup implementing WCF Services. Both the client and the service are running under a domain-user.…
froeschli
  • 2,692
  • 2
  • 28
  • 55
0
votes
0 answers

WCF -authenticate client from the digital signature

I am new to WCF services, My client wants us to create a service where they can reply for our requests. But they actually want service on Https and authenticate them from the digital signature. They are asking for "cer" file from us. I really don't…
Maddy
  • 907
  • 3
  • 10
  • 25
1 2 3
85 86