.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
david stephan
Asad Ali
Post New Web Links

IIS hosted nettcpbinding security issues

Posted By:      Posted Date: October 12, 2010    Points: 0   Category :WCF
 

I have hosted my service in IIS with nettcpbinding and IIS set to Windows auth and Anonymous is disabled. when i browse svc file i get error "security setting of service required anonmous but is not enabled on iis application site".

when i use below config file, i get this error. But when i use second config setting, i don't get this error. I am not able to figure out the diffference in 2 config files.

1.  (this setting doesn't work)

<system.serviceModel>
<behaviors>
   <serviceBehaviors>
    <behavior >
     <serviceMetadata httpGetEnabled="false" />


View Complete Post


More Related Resource Links

IIS hosted nettcpbinding security

  

Hi,

I have hosted my service in IIS with nettcpbinding and IIS set to Windows auth and Anonymous is disabled. when i browse svc file i get error "security setting of service required anonmous but is not enabled on iis application site".

when i use below config file, i get this error. But when i use second config setting, i don't get this error. I am not able to figure out the diffference in 2 config files.

1.  (this setting doesn't work)

<system.serviceModel>
<behaviors>
   <serviceBehaviors>
    <behavior >
     <serviceMetadata httpGetEnabled="false" />

nettcpbinding with windows security in iis hosted service

  

Hi ,

I have hosted service in iis. How can i verify my service (transport mode)is using windows authentication for client.

when i use basichttpbinding and set clientCredentialType to windows, but iis with anonymous. When i browse svc, as expected i get error that secrurity setting of servcie needs windows but iis is configured as anonymous. Similar i see expected bheavior when service is configred for anonymous, but iis is configured for windows.

But when i use nettcpbiding, irrespective of what my iis setting is (windows/anonymous), if i configure service for windows and i browse svc file. I am always able to do to without any error. when service is configured for windows and iis for anonymous; shouldn't i get an error (as seen in case of basichttpbinding)

Regards


singhhome

IIS hosted nettcpbinding security issue

  

Hi,

I have hosted my service in IIS with nettcpbinding and IIS set to Windows auth and Anonymous is disabled. when i browse svc file i get error "security setting of service required anonmous but is not enabled on iis application site".

when i use below config file, i get this error. But when i use second config setting, i don't get this error. I am not able to figure out the diffference in 2 config files.

1.  (this setting doesn't work)

<system.serviceModel>
<behaviors>
   <serviceBehaviors>
    <behavior >
     <serviceMetadata httpGetEnabled="false" />

IIS hosted nettcpbinding security issue

  

Hi,

I have hosted my service in IIS with nettcpbinding and IIS set to Windows auth and Anonymous is disabled. when i browse svc file i get error "security setting of service required anonmous but is not enabled on iis application site".

when i use below config file, i get this error. But when i use second config setting, i don't get this error. I am not able to figure out the diffference in 2 config files.

1.  (this setting doesn't work)

<system.serviceModel>
<behaviors>
   <serviceBehaviors>
    <behavior >
     <serviceMetadata httpGetEnabled="false" />

Transport level security with netTcpBinding

  
Does service and client need to be part of domain with netTcpBinding endpoint configured to used Transport security mode with Certificate based client credential type and protect level set to EncryptAndSign <bindings> <netTcpBinding> <binding name="CertificateWithTransport" maxBufferPoolSize="100000000" maxBufferSize="100000000" maxReceivedMessageSize="100000000" portSharingEnabled="true"> <readerQuotas maxDepth="100000000" maxStringContentLength="100000000" maxArrayLength="100000000" maxBytesPerRead="100000000" maxNameTableCharCount="100000000" /> <security mode="Transport"> <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/> </security> </binding> </netTcpBinding> </bindings> Thanks      -= JL =-

Security issues with SPSecurity.RunWithElevatedPrivilages()

  

I'm having issues with some web parts that I've developed for SharePoint 2007.  I have 2 pieces, the deployment, which adds pages containing the new web parts and sets configuration values, and the web parts, which read the configuration values.

The configuration values are stored in the SPFarm.Properties property bag.  Up until now I haven't had an issue with this, but just recently I've tried adding a new web part to a page through the SharePoint UI and boom, it breaks giving me a SecurityException with the ever helpful "Request failed." message.  Here's the bit of code that's being used:

 

Configuration class:

 

  public static class ConfigurationSettings
  {

    /* OTHER CONFIG PROPERTIES HERE */

    public static string ApiEndpointURL
    {
      get
      {
        return ConfigurationSettings.get<string>(KEY_API_ENDPOINT_URL);
      }
      set

WCF service hosted in IIS 7 returning error "Security settings for this service require 'Anonymous'

  
Using the CalculatorService provided as a WCF sample from MSDN, I tried to host it as an application in IIS 7. The virtual folder in IIS is configured as Basic Authentication enabled and Anonymous Authentication disabled. I don't have any certificates setup. This is all hosted in a single machine setting. Each time I access the service through a browser, I'm getting the error "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service".

Below is my web.config --

Can someone please provide some answer, I don't want to enable Anonymous authentication in IIS. I even set the 

aspNetCompatibilityEnabled = true.

<?xml version="1.0"?>

<!--

Security issues using LINQ ?

  

SQL 2005 SP3 Standard.

I used to assign execution permission to stored procedures; you all know the benefits of this choice.

With the use of LINQ, developers move routines into Visual Studio, asking for datareader and datawriter permissions, with clear security problems.

How can I do to mitigate this situation ? Which are best practices in this case ?

What is the official position from Microsoft, about that ?

Thanks.


SharePoint Tutorial - Security

  
Security in SharePoint is comprised of users, groups and roles.



Users, Groups and Roles

Users
A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

Groups
There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Asp.net web site security database

  

Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and formost, I will like to know how I can access/View the security database?

Secondly, how do I link my custom made reservation database and the security database in order to achieve my second plan above.?


Someone help me.


Thank you.


System.Security.SecurityException:

  

hello i have the following problem

i have upload my content to hosting server but i get the following error

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of typ

System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm

  

Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be. 


I already have read rights to IIS user to my BIN folder. 


Thanks for the help. 


XBAP Security

  

We have a small XBAP file upload app that we are having trouble deploying. We were getting security errors when we were pushing this application that we don't get when running in our development environments on our machines. We gave the XBAP app full permissions and still got errors. Then we created a personal certificate and were able to get this to work. But that means we have to load a client side certificate for each and every machine that wants to run this which is ridiculous. Does anyone have a solution for this?


Intranet Users Challenged When Using Windows Integrated Security

  

We've setup an intranet site using Windows Integrated Security. Its up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't is possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is login to their machine like normal and then go from there.


Security Question Answer Retrieval

  

I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?

What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).

I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).

I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).

Thanks,
Kerry


Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend