.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

WCF client and WS-Security

Posted By:      Posted Date: October 04, 2010    Points: 0   Category :WCF

I am pretty new to WCF, but experienced with .NET and C# in general.  I have a task at work that is a little unique.  I just got some of the details and still working on getting full details, but I think what I know now is enough to ask this question and give enough of what I'll need to do to hopefully get some direction from some of the WCF experts here.

Basically, I'll be building a client that needs to send a SOAP message to a remote web service (our customer) that is not .NET on the server side.  We have to first go through an initial call that gets back a cookie, then we have to do something with that cookie and from that we can "manually/programmatically" build our SOAP message to POST to the service.  We need to encrypt the SOAP message, so WS-Security is involved.

All of this has to be done programmatically, not using a proxy built with svcutil, etc.  This is because of the cookie scenario where we have to talk to an intermediate server first, get the cookie, then build the SOAP, then encrypt, then built an HttpWebRequest to post to the remote service.

I'm interested in suggestions, but this has to be done fast so any recommendations for "a better way to do it would be...." are appreciated, but at this point we have to get this done yesterd

View Complete Post

More Related Resource Links

Return of the Rich Client: Code Access Security and Distribution Features in .NET Enhance Client-Sid


Rich clients employ many of the features and conveniences of the operating system they run on, and the list of these features has been growing since the dawn of the PC. But as apps have migrated to the Web, the trend towards increasing client-side functionality has ground to a virtual halt. There are several reasons for this; chief among them are security and deployment problems. But that's all about to change. With the .NET Framework, you can participate in building the distributable rich client of the future. In this article, the author enumerates the pertinent features of .NET that will allow you to build safe, easily deployable controls. The features discussed include managed code, code access security, versioning control, Windows Forms classes, and isolation.

Jason Clark

MSDN Magazine June 2002

Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr


This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off-it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000

WCF client WS-Security Username + X.509 + https

Hi all, I need help to build a wcf client. The client has to send a ws-security message wiht BinarySecurityToken tag and UsernameToken tag. The transport is https. The UserNameToken is composed only by the Username field without the Password. I have set in configuration file the security mode="TransportWithMessageCredential" but  I cannot set in the <message clientCredentialType="">  "Username" and "Certificate" both active at the same time. I have to send in the soap header two Reference with two digest, one for the body, one for the UsernameToken. Can someone  help me ? By and Thanks

How to implement Security RTP in RTC Client


Hello! I am developing a VoIP softphone in C# using RTC Client API. I need to add Security RTP but I don't know how because I don't know if RTC Client supports SRTP.


Has anyone any idea or another way to get it??? Thank you.

Net.TCP Endpoint; Windows Authentication security; client can connect to a server at localhost but n


Hey all, so here's what going on:

I have a WCF Service that I have setup as a Windows Service.  Everything works perfectly when I attempt to use the system with all of the components (i.e. server and clients) on the same machine.  However, when I try to connect my client from a different system, I get an error that is trying to tell me that the server rejected the client's credentials.

I need the client to the able to connect from a different machine.  I want to implement a SQL Role Provider kind of credentialing in the future, but for now, I just need it to work.

What I have tried
I have looked around online and read a few other posts as well some things in the MSDN KB and I have either not found the answer, or not understood it.

  • I have tried setting the <security mode="Transport"> to "None" with the hope that that would disable the accreditation entirely.  All it did was result in a different error saying that there was an error that might have been caused by an invalid message.  I have also tried a few other configurations with this element in the app.config file; to no success.
  • I have read some things about Impersonation, but I am not quite sure I understand how to implement it

How to intercept the raw XML messages of a WCF client using WS security???


Hi there,

I've set up a WCF service using WS-Security. I've also implemented an according test client. For testing purposes it's often important to know how the raw XML looks like, that has been sent to the service or that was replied from it.

What I've done so far is the following. I created a special message inspector:

public class MessageViewerInspector : IEndpointBehavior, IClientMessageInspector
	#region Properties

	public string RequestMessage { get; set; }
	public string ResponseMessage { get; set; }

	#region IEndpointBehavior Members
	public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)


	public void ApplyClientBehavior(ServiceEndpoint

Error message "Could not locate the security token referenced by key info" with WCF custom client (V



I’m trying to develop a custom client, a console application, to connect it with a Web Service (Java Web Service) and call publics web methods with Visual Studio 2008 (.Net Framework 3.5) and WCF, but I’m getting an error message (“Could not locate the security token referenced by key info”).

I’m employing two certificates, a server certificate and a client certificate, because I have to sign and encrypt the message that I send to the Web Service. Both certificates are correctly installed in my certificate repository. In my client Web Service generated with “svcutil” tool, I’m added this line to sing and encrypt the message:


Defining both transport and message security on a wsHttpBinding client



My customers requirement was to find a way of performing mutual authentication with ISA 2006 using WCF 3.5 and client certificates. I achieved this easily enough using a security mode of transport and defining a client certificate in the endpointbehavior. I had to jump through some hoops on the ISA as well.

The customer also has a requirement for message security at the service which is behind the ISA server.

I therefore need my service to only require message security but for the client to navigate both transport (for ISA) and message (for the service) security.

After a little reading I am not sure this is possible using out of the box bindings, particularly wsHttpBinding. Could someone confirm this?

Additionally, I have read that IF both transport and message security are defined using certificates, that it must be the same certificate. My question here would be, what bindings are there that allow both transport and message security and why must the same certificate be used for both?

Many thanks for any help you can give.


design strategy to overcome a server side control that can be manipulated by the client - (Security


Ok so we have a dot net aspx app whereby we have some server side button controls which in some states may be disabled

However per Internet Explorer a user could  go to the developer tools and change / delete the disabled property of the button and then click the button to fire the action event.

What would be the best recommended strategy to prevent this.

many thanks

Trouble with client's SOAP security header


Out client has a web service I need to call to get some order details.  It's a SOAP service and I'm calling it over SSL.  The message has to include a username/password as well as a SSL certificate.  I have the SSL cert on my system and I sent them a copy of the public key to install on their web server.

I was unable to get it working in 2008 with WCF so I am now trying WSE in 2005.  I'm now generating a username and password but I cannot get my SSL cert included in the header.  When I try to add the cert through the WSE 3.0 setting I get an error saying the cert can't be used for encryption.  This is fine because the cert is only supposed to be used for identification. 

Here is an example SOAP header the client sent me:

    <wsa:Action wsu:Id="Id-d02f4053-1c85-41ad-a7a8-dbf6be15ddca">http://www.test.com/Order</wsa:Action>
    <wsa:MessageID wsu:Id="Id-3aadc603-4235-4ca3-a09e-6ff39b65ad8a">uuid:3024666c-d0f2-48a3-b9a7-ab10eaaeee63</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-b4508af4-5e71-42cf-a249-890b89e1334">

SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Use jQuery and ASP.NET AJAX to build a client side Repeater

By sending only data to the client, you can profoundly reduce the size of what you send and see a substantial increase in performance. You also allow yourself the ability to easily add features like light-weight sorting and paging on the client. This can not only improve your users' experience, but reduce server load and bandwidth requirements.

Client Side Gridview Pagination using JQuery

I would like to show how to use Client Side Gridview Pagination using Jquery Table Pagination Plugin by using Ryan Zielke.

Use jQuery and ASP.NET AJAX to build a client side Repeater

By sending only data to the client, you can profoundly reduce the size of what you send and see a substantial increase in performance. You also allow yourself the ability to easily add features like light-weight sorting and paging on the client. This can not only improve your users' experience, but reduce server load and bandwidth requirements.

To that end, I'm going to walk you through these four steps to effectively implementing a client side Repeater, using ASP.NET AJAX and jQuery:

Practical Multithreading for Client Apps

Writing applications that use multiple threads is often considered an advanced programming task, prone to errors. In this month's column, I'll focus on a practical application of multithreading in Windows® Forms applications with some real benefits, while attempting to keep things simple. My goal is to present multithreading in an approachable way that addresses a very common need: writing applications with a user interface that remain responsive to the user.

Use jQuery and ASP.NET AJAX to build a client side Repeater

By sending only data to the client, you can profoundly reduce the size of what you send and see a substantial increase in performance. You also allow yourself the ability to easily add features like light-weight sorting and paging on the client. This can not only improve your users' experience, but reduce server load and bandwidth requirements.

Adding Client-Side Confirmation When Deleting

The JavaScript confirm(string) function displays its string input parameter as the text inside a modal dialog box that comes equipped with two buttons - OK and Cancel (see Figure 1). The confirm(string) function returns a Boolean value depending on what button is clicked (true, if the user clicks OK, and false if they click Cancel).
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend