.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Securing WCF Service output

Posted By:      Posted Date: October 25, 2010    Points: 0   Category :WCF
Hello there,

I have a WCF Service which is consumed by a web application right now.
This WCF service creates reports and saves them to a folder on server.
Also, it updates the database with a complete url to download the report.

I am concerned about the security of complete url being updated in the database. One option is to save only the report filename in database but then Client Application has to know in what folders the report is stored on server... which essentially means that all calling application has to know about the report location on server.
Note: Folders are created dynamically depending on request, so can't save the folder path in config file.

Whereas if I add the report location to database, client application can simply query for that and access the report.

Please guide me for a secure way out.

Thank you!
Dream Big!

View Complete Post

More Related Resource Links

Foundations: Securing The .NET Service Bus


This column shows you how to secure the .NET Services Bus and also provides some helper classes and utilities to automate many of the details.

Juval Lowy

MSDN Magazine July 2009

Service Station: Securing Web Services with WSE 2.0


Beginning this month, The XML Files will run under the name Service Station. We have made this change so that the column can discuss broader topics such as Web services, service-oriented architecture, and the like.

Aaron Skonnard

MSDN Magazine October 2004

Securing my service

Hi guys, Can you please help me out.  I have a .NET4 WCF Service which I have deployed and is working fine over HTTP.  I have purchased an SSL certificate for my website and would now like my service to be over HTTPS.  Can someone please advise what little addition I need in my website config file to get this working. I have changed my client application to use https://domain/service and changed the endpoint in the client app to use transport security but it is says no endpoint is listening, I have also tried serviceMetadata httpsGetEnabled="true" httpGetEnabled="false".  I think I need to setup the https endpoint in the website config but since things seem to be have been simplified and there is less in the config than there was for WCF previously I need some guidance. Thanks for your help. John  

problems with trace.writeline not writing output messages on multiple instance/thread service



I've come across something strange and can't quite figure out what could be going wrong. I have a windows service which processes queue items in a threadpool (default 5 threads).

So, during testing, i "debug, start new instance" and spin up about 4-5 instances of the service, and on average there is about 25 threads going at same time.

My trace code:
Trace.WriteLineIf(traceOutput.TraceVerbose, string.Format("processing Item for {0}", item.id));


this seems to work for a while and writes the trace code to the output window, but after a while, the trace output just stops being output to the window.. has anyone else experienced this before or could know what might be going wrong?




Dot Net WCF accessing Java Web Service which exposes a Java Output Stream


Hi Folks,

I am working on a project where the WCF code calls a Java Web Service which exposes a Java OutputStream.

When this java output stream is accessed from dot net, dot net is not able to read from it (or) cast it to any of the .Net available streams like for example (System.IO.Stream) or httpresponse or httprequest streams.

Has anyone tried accessing java streams over a proxy coming from a java web service through WSDL.

The error we get is : Cannot implicitly convert ProjectName.ServiceRefName.OutputStream to System.IO.Stream




Windows Service Applications Tutorials

You can easily create services by creating an application that is installed as a service. For example, suppose you want to monitor performance counter data and react to threshold values. You could write a Windows Service application that listens to the performance counter data, deploy the application, and begin collecting and analyzing data.

WCF Tip: Using Properties in Service Contracts

you'll notice all of the Service Contracts are implemented with interfaces containing only methods. For the longest time I thought that's all that was supported, until I thought about it a little more. In C# land, properties are simply wrappers around a get method and set method, so why wouldn't we be able to use properties in a service contract? Well the answer is we can.

Realizing a Service-Oriented Architecture with .NET

This article is meant to be a practical discussion guide to building a .NET application in a service-oriented architecture. We will consider real-world goals, real-world obstacles, and experience-based solutions. I quickly concede the approaches discussed here are not exhaustive or infallible. This paper is focused on application development, not application integration. We will specifically consider architectural issues and component design issues.

The Potential of Web Services

Web Service for uploading documents into SharePoint

WS UploadService is a web service written for Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 and is meant for uploading documents into SharePoint. I have just uploaded the zip file to GotDotNet.com so it will take some time before the zip file appears in the list of downloads. For the time being, you can download the zip file from the following location

Comma-Delimited Output

One of the common tasks performed when retrieving data from a SQL Server database is returning the result as a comma-delimited output instead of a result set. This task can be performed by using a CURSOR selecting the column to be concatenated together. Each row returned by the CURSOR is then concatenated together into a variable separating each one by a comma.

Creating and Using an ASP.NET Web Service in Visual Web Developer

In addition to letting you create Web pages, Microsoft Visual Studio also lets you create Web services that use ASP.NET XML. Creating a Web service in Visual Studio is similar to creating a Web page. You can also use the Microsoft Visual Web Developer Web development tool to reference and use Web services that are in a Visual Web Developer solution, on your local computer or in a local or external UDDI directory. In this walkthrough, you will create the Web service in one solution and use it in another.

Tasks illustrated in this walkthrough include:

Creating a simple XML Web service in Visual Web Developer.

Creating a separate Web site that uses the Web service.

Enterprize library 4.1 getting output parameter after adding record in db, plz guide



I need to get output parameter (flag) from db after saving record in database. I am using Microsoft Enterprise Library 4.1 for DB. I am inserting record using I Data reader.

Please guide


Inline conditional output


Is it possible to somehow output some content based upon some conditional check in Razor? If not, I hope this possibility will be added in the future. What I want to do is the following:

<option value="1" @if(ListMode == 1) { = "selected=\"true\"" }>Full list</option>

As I can't figure out a way to do this, I have to either make a helper that does it for me or write duplicate code.

AutoGenerateSelectButton="False" ignored when using Domain Service


Crosspost from RIA Services forum: http://forums.silverlight.net/forums/t/196466.aspx

I'm creating a Dynamic Data application in VS2010 and have recently switched to using a Domain Service to give greater control over the data presented to the client. I've noticed that the AutoGenerate<Action>Button attributes on my GridView are being ignored. The presence of the Edit and Delete buttons appear to be contingent on the existence of Update and Delete methods on the partial classes autogenerated in the Domain Service, but i'm not seeing how to control the generation of the Select button. Is there a way to control this from within the Domain Service class?

saving XML output from webservice


 I created a webservice that takes casenum as input and gives results as a dataset in an XML.

I could make a web client to display the resulting dataset in a grid view. Pls see my code copied below.

Now I want to create a console client that takes the casenum as input, to call the webservice and saves the resulting xml for further processing, but can't figure out how to just capture the xml to save. Here's the code for my web client. I would appreciate if you could help modify this tocapture the resulting xml to save file locally.

Thank You.

namespace ResultsWebServicesClient
    public partial class _Default : System.Web.UI.Page
        protected void Page_Load(object sender, EventArgs e)

        private void BindDataToGrid(string CaseNum)
            FG_Results results = new FG_Results();
            DataSet ds1 = new DataSet();
            ds1 = results.Get_FG_Results(CaseNum);
            GridView1.AutoGenerateColumns = true;
            GridView1.DataSource = ds1.Tables[0];

        protected void GetResults(object sender, EventArgs e)


Any framework for creating a job scheduler service?


Just curious to know if there was any official Microsoft code blocks, classes, or such for writing a service that runs other assemblies or WCF services?  That can be configured easily from a web page, pre-coded, for running tasks at certain times on certain recurring intervals?  I've already built one but am open to anything done better- which I'm sure there is.  Thanks!!!

Convert WCF service to self hosting application


 I created project as a  WCF Service application and now according to recuriment that needs to be converted as a self hosting application

How can i do this?

Converting WCF service app to Self hosting app?

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend