.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
david stephan
Post New Web Links

Authentication: Is UserNamePassword authentication possible without X.509 certificate?

Posted By:      Posted Date: September 03, 2010    Points: 0   Category :WCF
 
Hi ever body I want to authenticate my client at my WCF service with username/password credentials. Is it possible to do this without a X.509 certificate (without any certificate at all)? Thanks  


View Complete Post


More Related Resource Links

SharePoint - Report Server - Client Certificate authentication

  
Hi,I have a SharePoint site collection which requires client certificates. On the server I have configured Reporting Services in integration mode.I can call reports on other site collections which don't require client certificates but not on the site which does. On the site which requires client certificates the pages fail with the following error message:'An unexpected error occurred while connecting to the report server. Verify that the report server is available and configured for SharePoint integrated mode. --> The request failed with HTTP status 403: forbidden'The error message indicates that SharePoint doesn't call the web service with a client certificate. Does anyone know how I can configure SharePoint to use a client certificate?Any help is greatly appreciated.Adam

WCF Service using SSL and Certificate Authentication.

  
Hi All,     I have a WCF service and want to use Transport Security and Certificate for Client Authentication.   When I am tryting to connect to service , I am getting the following error:   The SSL settings for the service 'None' does not match those of the IIS 'Ssl, SslNegotiateCert, SslRequireCert'.     I have configured the IIS to use SSL. Given below is the  configuration section for WCF service at server end:   <system.serviceModel> <services> <service name="HelloWorld.Service1" behaviorConfiguration="ServiceBehavior" > <!-- Service Endpoints --> <endpoint address="https://localhost/SecureHelloWorld/Service.svc/ws" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="HelloWorld.IService1"> <identity> <dns value="localhost"/> </identity> </endpoint> <endpoint address=https://localhost/SecureHelloWorld/Service.svc/mex binding="mexHttpsBinding" contract="IMetadataExchange"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="ServiceBehavior"> <serviceCredentials> <serviceCertificate findValue="XXXXXXXXXXXXXX" x509FindType="FindByThumbprint" storeLocation="LocalMachine" storeName="My" /> <

troubleshooting client certificate authentication issues

  

hi,

i am using self created certs for client authentication. for one of the cert it works fine but ith another cert it does work. i get an error, can't rer connect to server.

is there any way/tool to troubleshoot cert issue?

Regards


singhhome

Certificate and windows based authentication

  

We have a WCF service hosted in IIS 7 which currently uses windows
authentication. However, as we on-board new customers which don’t have domain
account we want to use certificate authentication for our new customers without
affecting existing users.

I know we can handle this issue using different endpoints since WCF
allow to set binding and authentication for each endpoint. However, this
approach seems to have a problem on our current users since it requires to
generate a new proxy, which they don’t want it,  due to the change in the
configuration of the service to accommodate this change.

So I am wondering if there is any better way which doesn’t require our
existing clients to generate a new proxy and at the same time which can allow
us to use certificate and windows based authentication.

Is there any way we can handle this by just configurin

WCF Service to WSE Client - Certificate authentication over SSL

  
I am trying to access a WCF service with a WSE 3.0 client over SSL using certificate authentication.  I can do it over an unsecured channel using a customBinding on the service side using the MutualCertificate authentication mode and the turnkey policy assertion mutualCertificate11Security on the client side.  This breaks when I move it to a production environment accessible only by SSL and either (1) change nothing in the server config file--connection gets refused because it is not https--or by (2) changing the server custom binding to CertificateOverTransport--client errors with this:  System.InvalidOperationException: Security requirements are not satisfied because the security header is not present in the incoming message.

My question is simply, how do I access a WCF service over SSL using certificate authentication?

Thanks,
Chris



how to catch certificate authentication and authorization errors in client

  

How can i know at client side that my request to wcf service(with certificate authentication over nettcp) has failed because of authentication or authorization.

i think authentication can fail if the certificate is not a valid certificate(ie date has expired). For authorization i have implemented ServcieAuthorizationmanger and returning true/false. how wcf will transfer this to authrization error.

Regards


singhhome

SharePoint 2010 & Client Certificate Authentication

  

Hi,

we have upgraded our WSS 3.2 installation to Sharepoint Foundation 2010 and have trouble with authentication over client certificates (works perfect with WSS 3.2).

You can reproduce this with a fresh install of SharePoint Foundation 2010 on Windows Server 2008 R2. Create an application and set in IIS authentication to Client Certificates. Then create a site with one document library and upload at least two documents. Then check all items in list view and try to delete this documents over delete-button in ribbon (not over context menu). At this point i get a javascript error:

Message: Object expected
Line: 2
Char: 20732
Code: 0
URI: https://XXXX/_layouts/inplview.js?rev=AohvE9XEf%2FI78tuaw1TGAA%3D%3D

I found following HTTP 500 error in IIS-Log:

2010-05-21 13:20:01 192.168.1.86 POST /_vti_bin/client.svc/ProcessQuery - 443 XXXX\XXX 192.168.XXX.XXX Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+InfoPath.2;+.NET4.0C;+.NET4.0E) 500 0 0 188

If i switch authentication in IIS to Windows Authentication i get no error (HTTP Status Code = 200).

Logging certificate authentication failure events

  

Is there a way so that service will log an event if any request fail due to certificate authentication failure?

I can write my custom x509auntheticator for this, where I can check for authentication and then log it. In this case is there a way from my custom x509authenticator to call the default certificate check implementation of WCF. I don't want to write code to valdiate certificate(like expiry, authority etc). I want something like base.Validate, which will do acutal cert validation and only if it fails i will write code to log event.

Regards


singhhome

Explained: Forms Authentication in ASP.NET

  
This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

  
Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

  
Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

ASP.NET forms authentication with roles

  
.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Forms Authentication in ASP.NET

  
In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

Web Matrix + Windows Authentication

  

I'm curious if its possible to get windows auth working with asp.net webpages/webmatrix.

I've got it published to IIS with windows auth turned on and anonymous/forms/basic turned off.

I'm guessing the WebSecurity Helper probably won't work here but can you access User.Identity.Name etc?

Sorry for the newbie questions, I've only just started working with asp.net ^^,


Problems with Forms Authentication in DD 4 site

  

Hello,  I am seeing a strange problem with Forms Authentication in my DD site.   A user logs into and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example , a control DynamicData/Filters/CustomerLastNameSearch.ascx ) then the site auth fails, and redirects to the log in screen.

in web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     
        </authentication>

Offhand, I am thinking two things : that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused.   Has anyone else experienced this or have any suggestions?  Thanks!


Sharing authentication ticket between two applications

  

Hi all,

I have two web applications:

1. http://www.mysite.com - primary app running at the root of the web server

2. http://www.mysite.com/second_app - running in a virtual directory


At user authentication, I'm using FormsAuthenticationTicket to set up authentication cookies. Is it possible to share the same cookie for both the apps?

Any help would be much appreciated.


Many thanks!


Windows Authentication for IIS in Windows 7 Home Premium Edition - for ASP Websites.

  

How to create a virtual directory and get benefit of the IIS. Is there a workaround to accomplish this without the Windows Authentication for Windows 7 Home Premium Edition?

Thanks in advance, 


Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend