.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Post New Web Links

Can service authenticate itself ( at transport security level ) using username/password authenticati

Posted By:      Posted Date: December 04, 2010    Points: 0   Category :WCF
 

hi

At transport level clients can be authenticated ( depending on the binding ) via certificate, username/password or windows account. I know service can authenticate itself to clients via certificates, but can it also authenticate itself at transport security level using username/password authentication or perhaps windows authentication?

For example, I thought we can set a username/password with which service authenticates itself via ServiceCredentials.UsernameAuthentication property, but it appears this property is only used to configure how clients get authenticated ( via username/password ) by a service.

thank you




View Complete Post


More Related Resource Links

Transport level security with netTcpBinding

  
Does service and client need to be part of domain with netTcpBinding endpoint configured to used Transport security mode with Certificate based client credential type and protect level set to EncryptAndSign <bindings> <netTcpBinding> <binding name="CertificateWithTransport" maxBufferPoolSize="100000000" maxBufferSize="100000000" maxReceivedMessageSize="100000000" portSharingEnabled="true"> <readerQuotas maxDepth="100000000" maxStringContentLength="100000000" maxArrayLength="100000000" maxBytesPerRead="100000000" maxNameTableCharCount="100000000" /> <security mode="Transport"> <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/> </security> </binding> </netTcpBinding> </bindings> Thanks      -= JL =-

An exception occurred when trying to issue security token: The security token username and password

  

Hi,

  I get a problem authenticating people in Sharepoint 2010 LDAP provider.

  Right now, I can successfully config the central admin for LDAP provider, (I can search people that in LDAP server,assign ldap people without problem). Also I can search LDAP people in my site. Then I tried to login using ldap username and password, it shows "An exception occurred when trying to issue security token: The security token username and password could not be validated.."

  First, I thought maybe there were some typo in my site web.config, so I enabled the windows login, log into my site using my windows account, there, I can search LDAP user in my site with no problem. So I believe that my site web.config is alright. The only thing left is the STS.But I am not sure what could be wrong , because membership and role part are just simple copied and pasted from my site web.config.

  Here is the web.config for STS. Please Help. Thank you.

<?xml version="1.0" encoding

How do I pass username/password credentials from php client to self-hosted wcf service?

  
I have a self-hosted wcf service that just adds 2 numbers and returns the value.  It works fine, but I am not sure how I can send the username and password through the php client, so it will validate against my CustomUserNamePasswordValidator.  Here is the implementation for the Add Method:

  
public class MathService : IMathService
  {
    public double Add(double x, double y)
    {
      return x + y;
    }
  }


Here is my current App.Config:

   
<?xml version="1.0" encoding="utf-8" ?>
  

Transport Level Security Vs Message Level Security in WCF

  
*Transport Level Security
It secures the actual transport (i.e. the pipe) over which the message passes through from client to a service. For
example it uses SSL (Secure Socket Layer) to ensure point-to-point protection.

*Message Level Security
It secures the message itself that is being transported from client to a service and vice versa.

Security Briefs: Regular Expression Denial of Service Attacks and Defenses

  

Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.

Bryan Sullivan

MSDN Magazine May 2010


Security Briefs: XML Denial of Service Attacks and Defenses

  

This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.

Bryan Sullivan

MSDN Magazine November 2009


Geneva Framework: Building A Custom Security Token Service

  

A Security Token Service, or STS, acts as a security gateway to authenticate callers and issue security tokens carrying claims that describe the caller. See how you can build a custom STS with the "Geneva" Framework.

Michele Leroux Bustamante

MSDN Magazine January 2009


Security: Safer Authentication with a One-Time Password Solution

  

One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.

Dan Griffin

MSDN Magazine May 2008


Security: Authenticate Users Across Organizations Using ADFS

  

Jack Couch looks at how to set up ADFS and when to use it; he then shows how to connect to an outside organization to offer single sign-on.

Jack Couch

MSDN Magazine December 2007


Security Briefs: Password Minder Internals

  

In my last column I introduced Password Minder, the tool I use to manage all of my passwords. It generates a long, random password for each site I visit, and makes it possible for me to use the most complex passwords possible, without ever having to see the actual password material or type it in manually.

Keith Brown

MSDN Magazine October 2004


Secure It: WS-Security and Remoting Channel Sinks Give Message-Level Security to Your SOAP Packets

  

As more organizations adopt XML-based Web Services, the need for message-level security has become evident. WS-Security, now supported in the Microsoft .NET Framework, addresses this need. Using the WS-Security framework, developers can implement channel sinks to intercept Remoting messages as they pass through the .NET Remoting infrastructure. The sink can read the message, change it, and pass it along. During this process, the message can be signed for added security. This article explains how to implement a Remoting channel sink that will modify the Remoting message by including a UserName token in the header, then sign the body using the token.

Neeraj Srivastava

MSDN Magazine November 2003


Password recovery by entering email not username

  

Hi,

I am using the ASP.Net password recovery control.  By default the user needs to enter their username before an email gets sent out to them.

If it possible instead of entering the username, email is used instead?  Alot of my users forgets their username but not email.

thanks


Password / Application Security.

  

I am using a function which requires a user name and password. I have written this username and password in my code behind file. How safe is it? If it is not safe, what are the risks and how to provide security to my code and application?


Accessing Username, password, roles in xml file

  

Currently I am storing my username and password (passwordFormat="SHA1") credientails in my web.config.  I would like to figure out how to access them in an xml file that I have stored in my App_Data directory rather than the web.config file because I do not want my application restarting everytime I manually add a user (small list of 5 authorized users for the CMS section).

Here is what my web.config section looks like:

 

<authentication mode="Forms">
      <forms name=".Administration"
            loginUrl="~/SiteAdmin/Default.aspx"
            defaultUrl="~/SiteAdmin/Administration/Default.aspx"
            protection="All"
            timeout="30"
            path="/"
            requireSSL="false"
            slidingExpiration="true"
       &n

How to Pass UserName & Password to codebehind page using jquery

  
here is login form I would like to use.
Right now it is not communicating with my codebehind page.
How do I modify the jquery  login code to post the username and password to the codebehind?
 
Thanks
 
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="Default2" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>sourcedealsheet</title>

<link rel="stylesheet" type="text/css" href="styles/chop1.css" />
<script type="text/javascript" src="js/chopjs/jquery-1.3.2.min.js"></script>


<script type="text/javascript" src="js/chopjs/three.js"></script>
<!--[if IE 6]>
<script type="text/javascript" src="js/ie_png_fix.js"></script>

Windows Identity Foundation Security Token Service can't stay logged in

  
I'm using the Windows Identity Foundation **(WIF)** Security Token Service **(STS)** to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to and it should redirect me to the STS and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in. Here's what occurs in my login.aspx on the STS var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket); if (persistTicket) cookie.Expires = DateTime.Now.AddDays(14); Response.Cookies.Add(cookie); var returnUrl = Request.QueryString["ReturnUrl"]; Response.Redirect(returnUrl ?? "default.aspx"); Which was taken almost directly from existing application using normal Forms Auth. From my web.config <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="2880" name=".STS" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" /> </auth
Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend