.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

WCF client WS-Security Username + X.509 + https

Posted By:      Posted Date: September 15, 2010    Points: 0   Category :WCF
Hi all, I need help to build a wcf client. The client has to send a ws-security message wiht BinarySecurityToken tag and UsernameToken tag. The transport is https. The UserNameToken is composed only by the Username field without the Password. I have set in configuration file the security mode="TransportWithMessageCredential" but  I cannot set in the <message clientCredentialType="">  "Username" and "Certificate" both active at the same time. I have to send in the soap header two Reference with two digest, one for the body, one for the UsernameToken. Can someone  help me ? By and Thanks

View Complete Post

More Related Resource Links

Return of the Rich Client: Code Access Security and Distribution Features in .NET Enhance Client-Sid


Rich clients employ many of the features and conveniences of the operating system they run on, and the list of these features has been growing since the dawn of the PC. But as apps have migrated to the Web, the trend towards increasing client-side functionality has ground to a virtual halt. There are several reasons for this; chief among them are security and deployment problems. But that's all about to change. With the .NET Framework, you can participate in building the distributable rich client of the future. In this article, the author enumerates the pertinent features of .NET that will allow you to build safe, easily deployable controls. The features discussed include managed code, code access security, versioning control, Windows Forms classes, and isolation.

Jason Clark

MSDN Magazine June 2002

Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr


This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off-it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000

C# - Creating web client for automating user activity on a HTTPS site

I've been wracking my brain for a couple of weeks on this.  I need to create a web client (I don't want to use the webBrowser control because I need this to be as lightweight as possible) to log in to a secure web site, and then effectively click links and fill in fields to get the data that would normally be displayed in the web browser.  I'm then going to parse the data and perform other actions with it. I have been working with HttpWebRequest and HttpWebResponse and many permutations of suggestions I have found while Googling my issue, but I can't get rid of my problem:  Sometimes when I effictively click the ultimate link that I need to click to get to my data, I get what I am looking for.  However, MOST of the timel, I get a response page that tells me my connection timed out and that I need to log in again.  I have tried messing with cookies and such, but to no avail. I know it's good form to post my code, but it is so sloppy and screwed up right now from tweaking this and trying that, that I'd rather not take the approach of fixing what's there, rather I'd like to start with solid, clean code to begin with. Your help will be greatly appreciated. Thanks, ALo

asp:Menu submenu hover/expansion + HTTPS = Security Information Popup

Hello,I have a an asp:Menu with a datasource and the page is being accessed by https. If I hover over one of the menu items that has a subitem I get this popup.Here is my code,//asp <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Test.aspx.cs" Inherits="UI_Common_Test" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title></title> </head> <body> <form id="form1" runat="server"> <div> <asp:Menu ID="Menu1" runat="server" DataSourceID="dsSiteMap" Orientation="Vertical" StaticDisplayLevels="2"> <DataBindings> <asp:MenuItemBinding DataMember="SiteMapNode" TextField="Title" /> </DataBindings> </asp:Menu> <asp:SiteMapDataSource ID="dsSiteMap" runat="server" SiteMapProvider="Public" /> </div> </form> </body> </html> //cs using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI;

Security exception on Merge Replication over HTTPS,

Hi, I've setup SQL 2005 Merge replication over HTTPS for few remote machines. Most of them are working great but this particular machine is causing me a lot of problem. Here's message details from SQL agent job. Message 2010-08-04 15:57:00.999 The system cannot find the file specified. 2010-08-04 15:57:01.015 Category:NULL Source:  Merge Process Number:  -2147221502 Message: The system cannot find the file specified. 2010-08-04 15:57:01.031 Category:NULL Source:  Merge Process Number:  -2147199373 Message: The Merge Agent failed to connect to the Internet proxy server for user 'UserName' during Web synchronization. Ensure that the proxy server settings are correctly configured in Internet Explorer, or specify the -InternetProxyServer parameter when starting the Merge Agent. 2010-08-04 15:57:01.031 Category:NULL Source:  Merge Process(Web Sync Client) Number:  -2147010889 Message: The Merge Agent could not connect to the URL 'https://serveraddress/replisapi.dll' during Web synchronization. Please verify that the URL, Internet login credentials and proxy server settings are correct and that the Web server is reachable.   Machine is directly connected to the internet, doens't use proxy server so it's not proxy issue. Any checkboxes in IE connection setting are all unchecked. I searched web, some people resolved this issue by instal

Client username on server web application

Hi, Guys i nid serious help, nt sure if its possible though. I have a asp.net website which is already runnin on Server 2003. Now i nid to get the username of the user logged in on the client machine, my app doenst hav a log in page n shud nt auth any user, i just nid the user name of the client logged in user, when runnin on local iis i can retrieve the username but on the server i get the server iis username. Im using this code now... Dim strUserId As String     Dim aryUserId As String()     strUserId = HttpContext.Current.Request.LogonUserIdentity.Name     aryUserId = strUserId.Split("\")     Response.write(aryUserId(1)) Please help.

wcf https security



im using wcf how can i make sure to my service file from client side.

my web service file (service.svc)  should not acceable on client side....on https security(ssl)

How to implement Security RTP in RTC Client


Hello! I am developing a VoIP softphone in C# using RTC Client API. I need to add Security RTP but I don't know how because I don't know if RTC Client supports SRTP.


Has anyone any idea or another way to get it??? Thank you.

WCF client and WS-Security


I am pretty new to WCF, but experienced with .NET and C# in general.  I have a task at work that is a little unique.  I just got some of the details and still working on getting full details, but I think what I know now is enough to ask this question and give enough of what I'll need to do to hopefully get some direction from some of the WCF experts here.

Basically, I'll be building a client that needs to send a SOAP message to a remote web service (our customer) that is not .NET on the server side.  We have to first go through an initial call that gets back a cookie, then we have to do something with that cookie and from that we can "manually/programmatically" build our SOAP message to POST to the service.  We need to encrypt the SOAP message, so WS-Security is involved.

All of this has to be done programmatically, not using a proxy built with svcutil, etc.  This is because of the cookie scenario where we have to talk to an intermediate server first, get the cookie, then build the SOAP, then encrypt, then built an HttpWebRequest to post to the remote service.

I'm interested in suggestions, but this has to be done fast so any recommendations for "a better way to do it would be...." are appreciated, but at this point we have to get this done yesterd

Net.TCP Endpoint; Windows Authentication security; client can connect to a server at localhost but n


Hey all, so here's what going on:

I have a WCF Service that I have setup as a Windows Service.  Everything works perfectly when I attempt to use the system with all of the components (i.e. server and clients) on the same machine.  However, when I try to connect my client from a different system, I get an error that is trying to tell me that the server rejected the client's credentials.

I need the client to the able to connect from a different machine.  I want to implement a SQL Role Provider kind of credentialing in the future, but for now, I just need it to work.

What I have tried
I have looked around online and read a few other posts as well some things in the MSDN KB and I have either not found the answer, or not understood it.

  • I have tried setting the <security mode="Transport"> to "None" with the hope that that would disable the accreditation entirely.  All it did was result in a different error saying that there was an error that might have been caused by an invalid message.  I have also tried a few other configurations with this element in the app.config file; to no success.
  • I have read some things about Impersonation, but I am not quite sure I understand how to implement it

An exception occurred when trying to issue security token: The security token username and password



  I get a problem authenticating people in Sharepoint 2010 LDAP provider.

  Right now, I can successfully config the central admin for LDAP provider, (I can search people that in LDAP server,assign ldap people without problem). Also I can search LDAP people in my site. Then I tried to login using ldap username and password, it shows "An exception occurred when trying to issue security token: The security token username and password could not be validated.."

  First, I thought maybe there were some typo in my site web.config, so I enabled the windows login, log into my site using my windows account, there, I can search LDAP user in my site with no problem. So I believe that my site web.config is alright. The only thing left is the STS.But I am not sure what could be wrong , because membership and role part are just simple copied and pasted from my site web.config.

  Here is the web.config for STS. Please Help. Thank you.

<?xml version="1.0" encoding

Silverlight and WCF 'simple question' (right), involving https vs transport security


Two questions:  I’m familiar with WCF and using it with Silverlight, https:, and I have a remote web server that I have a SSL / TLS certificate on.


I want to encrypt login and/or data to and from the web server.  Already I can do this on localhost, using this video:  http://www.silverlight.net/learn/videos/silverlight-videos/using-aspnet-secure-services-and-applications-services/

    (“In this video, Tim Heuer demonstrates two important features of Silverlight and ASP.NET, using secure web services and using ASP.NET application services from within Silverlight. This demonstration walks through securing services and interacting with the ASP.NET authentication services to restrict use as well as directly interact with ASP.NET application services from within a Silverlight application.”)

 Also I have reviewed this video on localhost:


How to intercept the raw XML messages of a WCF client using WS security???


Hi there,

I've set up a WCF service using WS-Security. I've also implemented an according test client. For testing purposes it's often important to know how the raw XML looks like, that has been sent to the service or that was replied from it.

What I've done so far is the following. I created a special message inspector:

public class MessageViewerInspector : IEndpointBehavior, IClientMessageInspector
	#region Properties

	public string RequestMessage { get; set; }
	public string ResponseMessage { get; set; }

	#region IEndpointBehavior Members
	public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)


	public void ApplyClientBehavior(ServiceEndpoint

IIS web site server code: detecting if client browser supports TLS https encrption mode



Due to security restrictions, we must run our web site under the TLS variant of https (SSL is disabled on the server...only TLS is enabled on the server).

The problem we have is that some customers have TLS disabled in their Internet Explorer  Tools/Internet Options/Advanced settings...and they get a "page cannot be displayed" error.

I need a way to tell those users to "go enable TLS on your browser" (like display a page for this saying this).

Can you tell me how I can determine if (with the server having only TLS...not SSL...enabled) if the browser can support the https?

Some more details on the issue:

I've watched the conversation between the browser client and the server, and it appears that the conversation flow is as follows:

1.) Browser broadcasts to the server which https protocols it supports (and has enabled) (i.e. SSL 1.0, SSL 2.0, TLS 1.0, etc.)

2.) Server checks its configuration (which https protocols are setup to be allowed on the server) and returns back on one of the browser client matching protocols.


What I need to determine is how to detect if TLS is enabled on the browser that makes a request (determine it in the ASP.NET server code), so I can generate a page (in the case TLS is not supported on the IE browser) to inform the user.

create proxy client with SvcUtil from service using https+cert authentication


Hi all,

I have build two web services one is wcf hosted in iis and the other one is java web service (jax-ws ri) hsted on tomcat. Both of the services uses https and certificate authentication.The certificates are valid and when I check the wsdl's from the browser I can see them without any warning.

So I want to create a wcf client for the services with svcutil. I have created the necessary config file for svcutil (svcutil.exe.config).

When I try to create the proxy files for the java service (svcutil http://JavaServiceIpAddress/service?wsdl) I receive

"metadata contains a reference that cannot be resolved .

<Fault xmlns="http://schemas.xmlsoap.org/soap/envelope/" >
   <faultcode xmlns:a="http://www.w3.org/2003/05/soap-envelope" xmlns="">a:Client</faultcode>
   <faultstring xmlns="">Cannot find dispatch method for {}</faultstring>

the request was aborted: Could not create ssl/tls secure channel"


When I execute svcutil http://WcfServiceIpAddress/service.svc the proxy and configs file are created smoothly. When I try svcutil http://WcfServiceIpAddress/service.svc?wsdl

"error: cannot obtain metadata from http://WcfServiceIpAddress/service.svc?wsdl


How to bypass https:// security warning.


I have website which is https://secure  and it has a contect from http://nonsecure (youtube videos)

I get Security Warning in Internet explorer which I try to access youtube videos, is there any where I can bypass that warning programmatically,

Please let me know or any other alternatives.

thank u


How do I get the userName and passWord sent by a client using http basic authentication in a wcf se


Hello Guys,

I need to get the username and password that my java clients are passing using basic http authentication.

The message my clients are sending is the following:

POST http://localhost:1715/PanelService.svc/PanelService HTTP/1.1<br/>
Accept-Encoding: gzip,deflate<br/>
Content-Type: text/xml;charset=UTF-8<br/>
SOAPAction: "http://br/com/petrobras/operational/services/PanelService/getAverageByBusinessObject"<br/>
Authorization: Basic YWJjZGVmOjEyMzQ1Ng==<br/>
User-Agent: Jakarta Commons-HttpClient/3.1<br/>
Host: localhost:1715<br/>
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend