Questions tagged [wcf-security]

Questions related to the authentication and authorization services for Windows Communication Foundation (WCF) applications

Windows Communication Foundation is Microsoft's implementation of the WS-* web service specifications. Its security functionality mainly deals with authentication, authorization and secure over-the-wire transmission of user credentials.

When setting up WCF Security for an application, the following parameters need to be configured:

  • The type of credential required, e.g. NTLM, plaintext, or certificate authentication
  • The security mode: transport mode (e.g. SSL), message mode (SOAP message security), or a combination of both
  • Which endpoint(s) are protected

Once a client successfully connects to an endpoint protected with WCF Security, the server application can examine the security context to determine the identity of the client and to determine its authorizations (which need to be configured separately).

1285 questions
0
votes
1 answer

WCF Authentication and Impersonation

Hi, I'm having some trouble implementing a WCF RoleService, well specifically the GetAllRolesForCurrentUser method. I can successfully connect to the service, but when I try and retrieve the roles for the user, it naturally uses current principal…
user1401169
0
votes
1 answer

Impersonate FormsAuthenticated user in HttpHandler for WCF call

I'm using HttpHandlers to generate PDF report files "on-the-fly" using the authenticated user context. However, to create the report PDF file I need to call a method on a secure WCF service with the context of the caller (the authenticated user). I…
R4cOOn
0
votes
1 answer

Remote endpoint has failed - happens randomly

We have a setup with a website, which communicates using WCF to our Microsoft CRM 2011 solution. Users create new cases on our website, which are stored in the CRM solution. Using WCF, it calls CRM and stores the data. This works perfectly, but…
Lars Holdgaard
0
votes
0 answers

Uploading large amount of data from client to the WCF service through https

I'm working on a solution that uploads a large amount of data through a WCF web service to the server using HTTPS. My infrastructure design looks like this: Client application <-- HTTPS --> ISA server <-- HTTP --> WCF web service. The web service hosted on…
Max Kilovatiy
0
votes
1 answer

How to authenticate client while consuming the WCF web service?

I want to authenticate a client while consuming a Web service. I see a property exposed in the Client called ClientCredential in which we can pass username and password. How can I pass this information to my WCF web service and how can I…
Ashish Ashu
0
votes
1 answer

WCF encryption options for intranet applications?

I apologize for my weak understanding of this topic, and I hope that this question is not too broad. I would like to develop a .NET 4 intranet application with a WCF service. The client will be a Windows Service (running as SYSTEM). I do not need…
Eric
0
votes
1 answer

WCF Binding Transport/Windows Binding Security Not Being Enforced

I'm in the process of adding SSL security with Windows authentication to a formerly unsecured IIS hosted WCF service application. To my surprise, I found that two of the service endpoints were already using a Binding with Transport and Windows…
xr280xr
0
votes
3 answers

Is WCF Username Authentication without Transport Security a security risk?

I am trying to use username message security in WCF. I am trying to find out if using transport credential type of None/Anonymous will pose a definite security risk. My concern is with the initial exchange where binary data is tunneled through…
mirezus
0
votes
1 answer

Client and Server Authentication By the Same Certificate

I use the same certificate both for client and service authentication on WCF with message security. Does it cause any serious vulnerability?
mkus
0
votes
2 answers

.Net wsFederationHttpBinding and SAML2.0

OK, I have created a SAML implementation using wsFederationHttpBinding but I do not want to encrypt the soap:Body. As specified here http://msdn.microsoft.com/en-us/library/system.servicemodel.wsfederationhttpsecuritymode.aspx it says the "Message…
John Hartsock
0
votes
0 answers

WCF over SSL - Can I still have point-to-point over the Internet?

Scenario: WCF service on our public DNN website using a WsHttpBinding over SSL; security mode is TransportWithMessageCredential; requires username and password authentication; one WCF client consuming the service on our Intranet. I understand the…
Mark B
0
votes
1 answer

Securing WCF Services across multiple projects

I'm having a hard time wrapping my head around some architectural elements to securing a core WCF service that is consumed by many different applications. Internally, we have an application that allows HR folks to update a person's details. This…
Josh
0
votes
2 answers

WCF certificates and non .net clients

I am developing a WCF service. I use WsHttpBinding and customUserNameValidator for access through username and password. But I've faced the problem that as soon as I use username/password I need some sort of secure channel, which means that I should…
Don Tomato
0
votes
3 answers

Https binding in WCF throws error

I have a WCF service that needs to be hosted using basicHttpBinding using SSL. So my team has installed an SSL certificate with Anonymous authentication enabled and a hardcoded username and password given in IIS. I tried giving this binding
Deefa
0
votes
1 answer

Which security measures for asp.net mvc 3 app and WCF on a sql server 2008 db?

How can I make my asp.net mvc 3 application 100% secure? I am using a sql server 2008 db as a backend. I am also planning to use WCF to post data back to the db. So my ideas so far are using: - wcf request throttling - use the antiforgery token. The…
user603007