Stack Overflow
Stack Overflow

Questions tagged [wcf-security]

Questions related to the authentication and authorization services for Windows Communication Foundation (WCF) applications

Windows Communication Foundation is Microsoft's implementation of the WS-* web service specifications. Its security functionality mainly deals with authentication, authorization and secure over-the-wire transmission of user credentials.

When setting up WCF Security for an application, the following parameters need to be configured:

  • The type of credential required, e.g. NTLM, plaintext, or certificate authentication
  • The security mode: transport mode (e.g. SSL), message mode (SOAP message security), or a combination of both
  • Which endpoint(s) are protected

Once a client successfully connects to an endpoint protected with WCF Security, the server application can examine the security context to determine the identity of the client and to determine its authorizations (which need to be configured separately).

1285 questions
0
votes
1 answer

MSDN Conflicting statement- Which protocol support which security in WCF (Particularly Transport and Message security)

Statement 1: Transport security is available on all of the bindings except for wsDualHttpBinding. Statement 2: Transport security is available on all of the bindings except for netNamedPipeBinding. I am a beginner, I was looking for which protocols…
Jasmine
  • 5,186
  • 16
  • 62
  • 114
0
votes
1 answer

Getting error "Security settings for this service require 'Anonymous' Authentication..." on one server while working on another

I know this error has been discussed many a times but I couldn't find any answers relevant to me so am trying again. Basically, I have a WCF service, which I have deployed to on one of our servers and it works fine with Windows Authentication.…
Hamid Shahid
  • 4,486
  • 3
  • 32
  • 41
0
votes
1 answer

Implement SSL encryption in WCF

What are the configuration changes required to use SSL in a WCF .svc file.Did a lot of googling over the same and have tried all possible ways by configuring endpoints and service behaviors but it ends up giving endpoint not found error or 404…
syama
  • 1
0
votes
1 answer

Writing WCF interceptor for WCF WS-Security and WSE Nonce Authentication

I Have to write a WCF Interceptor which will extend the WCF Behaviour The behavior of my extension is that it will add a custom header to the request.... custom Header is going to be like below
user1104946
  • 680
  • 1
  • 9
  • 30
0
votes
2 answers

Securing an internal WCF service

I need to find out what's the best way of securing a WCF web service I'm writing. The service will be hosted internally and will perform checks against Active Directory and a third party database. The service will be called by a public-facing…
Brett
  • 1,923
  • 3
  • 18
  • 24
0
votes
1 answer

Application not calling function inside WCF swrvice

We have a WCF service , which provide details about the versions of an installed application. This WCF service is installed in different machines.Our application calls all the machine WCF services and check the version in all machines. To check…
user979901
  • 51
  • 1
  • 5
0
votes
0 answers

Calling from secured WCF Web Service from within itself

We have a wcf webservice that is secured using a Custom STS Active Federation Implementation. So clients have to contact the STS for a "Token" with which it can call the methods in WCF Service. I am puzzled how to make self service call from the…
Balaji Gunasekaran
  • 416
  • 6
  • 16
0
votes
1 answer

Accessing AdditionalContext of RequestSecurityToken from inside UserNameSecurityTokenHandler

I am creating a custom STS using a custom UserNameSecurityTokenHandler derived class. In the client, I am adding some additional information to the AdditionalContext property of the RequestSecurityToken that the Token Handler needs to fully…
David Mullin
  • 688
  • 1
  • 8
  • 21
0
votes
2 answers

adding security binding to a wcf end point

I have added a binding to the config below:
Matt
  • 1,931
  • 12
  • 20
0
votes
2 answers

wcf authorization (request filtering) from asp.net forms auth client

Current 2-tier application ASP.NET (Membership/Roles) – BL – DAL – DB After the user is authenticated (membership) we use roles to facilitate authorization to different menu items such as “Reporting” and “Administration”. However as part of…
e36M3
  • 5,952
  • 6
  • 36
  • 47
0
votes
1 answer

How to use wcf service in windows phone7 application?

I have used this code in server side, [OperationContract] [WebInvoke(Method = "POST", UriTemplate =…
user1934099
  • 23
  • 6
0
votes
1 answer

WCF Security - Data origin security

I have a web service implemented in WCF. This service is only going to be called by a single client, a site with a static IP address. I would like to implement simple security that would verify that all calls to the service are only valid if they…
Odd
  • 4,737
  • 6
  • 30
  • 27
0
votes
1 answer

Custom X509CertificateValidator Check Requestor Against CN

I have a custom X509CertificateValidator that currently validates a series of rules against a certificate presented for a WCF SOAP message. There is a requirement to check the CN name on the certificate against the domain the certificate is being…
Fenton
  • 241,084
  • 71
  • 387
  • 401
0
votes
0 answers

WCF service message security

I have a problem with message security in WCF. I'm using this tutorial: http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti I have 2 services. First one, with wshttpbindig is OK. Second one, with…
Paweł Reszka
  • 1,557
  • 4
  • 20
  • 41
0
votes
2 answers

Passing around a Kerberos (TGT) Ticket Granting Ticket. Is Double-Hop Implementation Secure?

Why is it okay to pass Kerberos TGTs around between machines (even across networks)? Isn't this pretty much passing a private key around (which is highly frowned upon the security world)? The only protection I've read about so far is that it has a…
funa68
  • 909
  • 3
  • 12
  • 21
1 2 3
85 86