.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Post New Web Links

security for WCF service

Posted By:      Posted Date: September 10, 2010    Points: 0   Category :WCF
 
Hello Am having a WCF service and a web application client trying to access this service. I need to implement a security at message level. I need to provide security for service using X.509 and authorizing the client using the standard username and password.  Are there any good security implementation models to provide end-end message security. Please specify and good material Thank you


View Complete Post


More Related Resource Links

Security Briefs: Regular Expression Denial of Service Attacks and Defenses

  

Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.

Bryan Sullivan

MSDN Magazine May 2010


Security Briefs: XML Denial of Service Attacks and Defenses

  

This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.

Bryan Sullivan

MSDN Magazine November 2009


Geneva Framework: Building A Custom Security Token Service

  

A Security Token Service, or STS, acts as a security gateway to authenticate callers and issue security tokens carrying claims that describe the caller. See how you can build a custom STS with the "Geneva" Framework.

Michele Leroux Bustamante

MSDN Magazine January 2009


Windows Identity Foundation Security Token Service can't stay logged in

  
I'm using the Windows Identity Foundation **(WIF)** Security Token Service **(STS)** to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to and it should redirect me to the STS and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in. Here's what occurs in my login.aspx on the STS var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket); if (persistTicket) cookie.Expires = DateTime.Now.AddDays(14); Response.Cookies.Add(cookie); var returnUrl = Request.QueryString["ReturnUrl"]; Response.Redirect(returnUrl ?? "default.aspx"); Which was taken almost directly from existing application using normal Forms Auth. From my web.config <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="2880" name=".STS" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" /> </auth

Security settings for this service require Windows Authentication but it is not enabled for the IIS

  
Hosting service in IIS 5.1   Config is set to transport layer security. SSL is installed and configured on the virtual folder and BasicHTTP bidings are being used for connection. Authentication in web.config is set to Windows Authorization in web.config is set to Deny Users="?" and Allow Users="*"   When trying to connect to the service using IE, it throws exception that "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service. "   Can some one tell me what is missing?   Do I have to set anything in Web.Config?   I need to achieve following using Basic HTTP binding   Transport Layer security (SSL), Windows Domain Authentication, Use  user's Domain identity to impersonate the user in service   Please suggest the settings if any   Thanks

Silverlight enabled web service security error

  
I tried to create a SL enabled Web Service by following the example from the Microsoft link: http://msdn.microsoft.com/en-us/library/cc197940(VS.95).aspx When I got to step 6 to test the web service that I created (View in Browser), I got the following error:  Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service. My IIS is located on my local machine with Windows Integrated Authentication and Anonymous access unchecked. After checking the Anonoymous access checkbo, I still got the above error. I have read other post on the Internet that Silverlight uses BasicHttpbinding but the settings in the web.config file was created by Visual Studio 2010 (running .NET 4.0), so I didn't think I need to mess with it. The following is the section from the web.config: <system.serviceModel>   <behaviors>    <serviceBehaviors>     <behavior name="">      <serviceMetadata httpGetEnabled="true" />      <serviceDebug includeExceptionDetailInFaults="false" />     </behavior>    </serviceBehaviors>   </behaviors>   <bindings>    <customBinding>     <binding name=

PDF Rendering from RS2005 web service affected by recent security patching.

  
p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm;margin-bottom:.0001pt;font-size:11.0pt;font-family:'Calibri','sans-serif';} span.EmailStyle15 {font-family:'Calibri','sans-serif';color:windowtext;} .MsoChpDefault {;} @page Section1 {size:612.0pt 792.0pt;margin:72.0pt 72.0pt 72.0pt 72.0pt;} div.Section1 {page:Section1;} p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm;margin-bottom:.0001pt;font-size:11.0pt;font-family:'Calibri','sans-serif';} span.EmailStyle15 {font-family:'Calibri','sans-serif';color:windowtext;} .MsoChpDefault {;} @page Section1 {size:612.0pt 792.0pt;margin:72.0pt 72.0pt 72.0pt 72.0pt;} div.Section1 {page:Section1;} One of our web services makes a call to the RS2005 ReportingServiceSoapClient Render method in order to generate reports as PDFs. This PDF is then copied to a fileshare where it is picked up by a third party document delivery product and distributed to our clients. The third party process uses ghostscript in order to convert the PDF to TIFF format to allow further processing. This has been working successfully for months (and in a legacy project using an older version of SQL RS2003 for a few years now).Recently one of our report servers was patched with the SP2 / Hotfix for the ActiveX printing issue. Since this has happened we have a problem where the PDFs being generated (while still readable in Adobe reader) now cont

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In Sharepoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independantly from the rest of the Sharepoint farm.   I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites.  We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the Mysite collections.  Can the security granularity found in Mysites and Profiles be extended into a Service Application?  Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In Sharepoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independantly from the rest of the Sharepoint farm.   I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites.  We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the Mysite collections.  Can the security granularity found in Mysites and Profiles be extended into a Service Application?  Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C

WCF Security Interoperability with Java web service

  
Hi everybody, I'm implementing a WCF client which talks to a Java web service secured with x509 certificates and username token. The service requires both signing and encryption as message protection. Thanks to Yaron Naveh and some other guys on this forum I've managed to solve the signing stuff, but the encryption seems to be much more difficult. The problem I'm facing now is the server cannot decrypt my messages - I'm getting HTTP 500 errors. I've got a request example from the service vendor and compared with the messages my client generates, there is only one difference: in the example provided by service vendor I can see an extra tag KeyInfo under the EncryptedData, which seems to me reasonable to be there, but I don't know why WCF doesn't put that item. These are the two SOAP request sections I'm talking about: My WCF client: <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <e:CipherData> <e:CipherValue> <!-- Removed--> </e:CipherValue> </e:Cipher

Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366)

  
I have been trying to install   Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366)   since it was released but downloads ok but it will not install. Everytime installation of this update fails!   Help...

System.ServiceModel.Security.SecurityNegotiationException in WCF RIA Service

  
Good day, I created a WCF RIA service application in Visual Studio 2008. However, when I run the application it posts this exception. I set the includeExceptionDetailInFaults to true: <behaviors> <serviceBehaviors> <behavior name="serviceBehavior"> <serviceDebug includeExceptionDetailInFaults="true"/> <serviceMetadata httpGetEnabled="true"/> </behavior> </serviceBehaviors> </behaviors> However, I still get the this error in my client app..... Any idea to diagnose the issue? or any suggestion on exception handling in WCF?? Thanks in advance!!

The Security Token Service is not available

  
I set up SharePoint 2010 Beta on a Windows 2008 R2 server and am going through the Central Administration - Review problems and solutions: All Reports - The Security Token Service is not available and the failing service is SPSecurityTokenService.Should not this service if available been installed during installation time?  It says "The Security Token Service is not issuing tokens.  The service could be malfunctioning or in a bad state.I don't want to go any further with setting up this until I can get an answer on how to fix this?Thanks

Report Manager Security: If a user login to Report Service than he should be able to see only a fold

  
Report Manager Security: If a user login to Report Service than he should be able to see only a folder for which he has role assing and rest of the folder should be hidden for him. How this security i can achive with c#

How to apply Web service security??

  
Dear All, I am new in web service, I want to know if is there any way to authenticate user to access web service, but  I don't want to use authentication process in each function in web service project. Please help..

Security settings for this service require Windows Authentication but it is not enabled for the IIS

  

Hi,

 

We are getting the following error, when we call a WCF service from IE. The service is developed in MS.NET 3.5 and hosted in IIS 6.0, Windows Server 2003 SP2

 

Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.

 

NOTE: The same is working GOOD in IIS 6.0, Windows XP SP2

 

IIS Setting

 

"Integrated Windows Authentication" is enabled in the "Directory Security"

 

Web.Config

<system.serviceModel>

<bindings>

<basicHttpBinding>

<binding name

Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend