.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
MarieAdela
Imran Ghani
Post New Web Links

WCF security settings irritations

Posted By:      Posted Date: October 22, 2010    Points: 0   Category :.NET Framework
 
Hello,

Currently I am learning about security for the WCF.

To get started I wrote me a little WCF test application (client/service) using
the dotnet framework 3.5

I am using the following binding settings:
- NetTcpBinding
- TransferMode.Streamed
- Security.Mode is not set explicitly so I assume
  SecurityMode.Tansport is used.
As far as I read the doc this means, that the windows credentials are use, right?

For testing I have the following environment:
- PC which is a member of our domain
- VM which is not member of our domain.

I tested my WCF client/server on the described environment and experienced
a behavior which I don't jet understand:

PC          VM          Communication
server     client            OK
client     server        Error Message

The error message I receive is (translated from German):
"A security request from the remote side was not fulfilled during authentication.
Increase ProtectionLevel and/or ImpersonationLevel"

Why do things work, if the server is running on the machine


View Complete Post


More Related Resource Links

WCF security settings irritations

  
Hello,

Currently I am learning about security for the WCF.

To get started I wrote me a little WCF test application (client/service) using
the dotnet framework 3.5

I am using the following binding settings:
- NetTcpBinding
- TransferMode.Streamed
- Security.Mode is not set explicitly so I assume
  SecurityMode.Tansport is used.
As far as I read the doc this means, that the windows credentials are use, right?

For testing I have the following environment:
- PC which is a member of our domain
- VM which is not member of our domain.

I tested my WCF client/server on the described environment and experienced
a behavior which I don't jet understand:

PC          VM          Communication
server     client            OK
client     server        Error Message

The error message I receive is (translated from German):
"A security request from the remote side was not fulfilled during authentication.
Increase ProtectionLevel and/or ImpersonationLevel"

Why do things work, if the server is running on the machine

Security settings for this service require Windows Authentication but it is not enabled for the IIS

  
Hosting service in IIS 5.1   Config is set to transport layer security. SSL is installed and configured on the virtual folder and BasicHTTP bidings are being used for connection. Authentication in web.config is set to Windows Authorization in web.config is set to Deny Users="?" and Allow Users="*"   When trying to connect to the service using IE, it throws exception that "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service. "   Can some one tell me what is missing?   Do I have to set anything in Web.Config?   I need to achieve following using Basic HTTP binding   Transport Layer security (SSL), Windows Domain Authentication, Use  user's Domain identity to impersonate the user in service   Please suggest the settings if any   Thanks

Security settings for this service require Windows Authentication but it is not enabled for the IIS

  

Hi,

 

We are getting the following error, when we call a WCF service from IE. The service is developed in MS.NET 3.5 and hosted in IIS 6.0, Windows Server 2003 SP2

 

Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.

 

NOTE: The same is working GOOD in IIS 6.0, Windows XP SP2

 

IIS Setting

 

"Integrated Windows Authentication" is enabled in the "Directory Security"

 

Web.Config

<system.serviceModel>

<bindings>

<basicHttpBinding>

<binding name

An add-on for this website failed to run. Check the security settings in Internet options for potent

  

Hello everyone,,

I am using IE8 and getting this problem.

An add-on for this website failed to run. Check the security settings in Internet options for potential conflicts.


Can anyone help me,,,plz


WCF service hosted in IIS 7 returning error "Security settings for this service require 'Anonymous'

  
Using the CalculatorService provided as a WCF sample from MSDN, I tried to host it as an application in IIS 7. The virtual folder in IIS is configured as Basic Authentication enabled and Anonymous Authentication disabled. I don't have any certificates setup. This is all hosted in a single machine setting. Each time I access the service through a browser, I'm getting the error "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service".

Below is my web.config --

Can someone please provide some answer, I don't want to enable Anonymous authentication in IIS. I even set the 

aspNetCompatibilityEnabled = true.

<?xml version="1.0"?>

<!--

Security Settings Question

  

I am building a ASP.NET 2.0 web application for my client. The site is temporarily hosted on a Windows XP Pro sp2 box with IIS 5.1. The site is completely secured using only Windows Authentication. No other security options are turned on in IIS. I also need to vary the access to subdirectories as well so I have created three windows groups, Admin, Test and User.

The first problem I ran into was, domain users were able to get access to the site even though they were not in any of the three windows groups. The root configuration was:

<deny users="?" />
<allow roles=".\Admin,.\Test,.\User" />

I missed the inherited <allow users="*" /> which is why they were granted access. So I added in a <deny users="*" /> which seem to fix the problem. The question I have is it didn't seem to matter if the <deny users="*" /> was before or after the <allow roles=".\Admin,.\Test,.\User" />. I would have thought that putting it before would disallow all users.

Secondly, I have a sub-directory called Admin where I only want users in the Admin group to have access. The configuration in that directory was:

<deny roles=".\Test,.\User" />
<allow roles=".\Admin" />
This worked but what has caught me by surprise was t

SharePoint Tutorial - Security

  
Security in SharePoint is comprised of users, groups and roles.



Users, Groups and Roles

Users
A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

Groups
There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Convert English to Arabic number without changing any regional settings in .net

  
Well, most applications that I worked with was multilingual that supports English UI and Arabic UI.

And one of the major issue that we have faced is displaying Arabic numbers without the need of changing the regional settings of the PC.

So the code below will help you to display Arabic number without changing any regional settings.

Asp.net web site security database

  

Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and formost, I will like to know how I can access/View the security database?

Secondly, how do I link my custom made reservation database and the security database in order to achieve my second plan above.?


Someone help me.


Thank you.


System.Security.SecurityException:

  

hello i have the following problem

i have upload my content to hosting server but i get the following error

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of typ

validateRequest appears to be kicking in in MVC RC1 despite settings

  
After upgrading a project to the RC a System.Web.HttpRequestValidationException is thrown when posting a value containing HTML from a TextArea. I have checked that validateRequest=false in Views/web.config, and have set this in the application's root web.config. I have also created a fresh MVC project, created a simple view & controller and posted a simple html paragraph element with the same result. Call stack provided. [HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (html="

hello world

").] System.Web.HttpRequest.ValidateString(String s, String valueName, String collectionName) +8718538 System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, String collectionName) +111 System.Web.HttpRequest.get_Form() +129 System.Web.HttpRequestWrapper.get_Form() +11 System.Web.Mvc.ValueProviderDictionary.PopulateDictionary() +113 System.Web.Mvc.ValueProviderDictionary..ctor(ControllerContext controllerContext) +74 System.Web.Mvc.ControllerBase.get_ValueProvider() +31 System.Web.Mvc.ControllerActionInvoker.GetParameterValue(ControllerContext controllerContext, ParameterDescriptor parameterDescriptor) +53 System.Web.Mvc.ControllerActionInvoker.GetParameterValues(ControllerContext controllerContext, ActionDescriptor actionDescriptor) +109 System.W

System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm

  

Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be. 


I already have read rights to IIS user to my BIN folder. 


Thanks for the help. 


XBAP Security

  

We have a small XBAP file upload app that we are having trouble deploying. We were getting security errors when we were pushing this application that we don't get when running in our development environments on our machines. We gave the XBAP app full permissions and still got errors. Then we created a personal certificate and were able to get this to work. But that means we have to load a client side certificate for each and every machine that wants to run this which is ridiculous. Does anyone have a solution for this?


Intranet Users Challenged When Using Windows Integrated Security

  

We've setup an intranet site using Windows Integrated Security. Its up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't is possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is login to their machine like normal and then go from there.


Security Question Answer Retrieval

  

I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?

What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).

I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).

I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).

Thanks,
Kerry


Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend