.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

How to secure a Web Service very very Simple?

Posted By:      Posted Date: April 14, 2011    Points: 0   Category :Windows Application

Hi I am making a student project with diverse clients (ASP.NET MVC, WP7, WPF) consuming a default WCF Service Application. I haven't configured the WCF Service in any way, it's right out of the box from VS 2010.

Now I am logging in and out on my clients by calling a method on the WCF service with a username and password.

But then I was thinking that my service is proberly quite insecure, I was thinking, if anybody know the service endpoint, then I guess, as it is now, everybody can call the methods on my service, right?

Now remember that this is just a student project, but I was wondering if there is a really simple and quick way I can somehow authenticate or authorize (don't know which word is the right one) access to the web service, so that not just everybody can use my web service, cause I think thats the scenario right now.

I can also say that I am using forms authentication in the ASP.NET MVC client, I am not using the ASP.NET Membership and Role Provider.

So is there a really simple and quick way to make the web service not just open to everybody who knows the endpoint? Remember it has to be really simple, so I can do it quick, otherwise I drop it, if it's too complicated.

View Complete Post

More Related Resource Links

Cutting Edge: Building A Secure AJAX Service Layer


This month Dino builds a service layer that authenticates users of Silverlight 2 and ASP.NET AJAX services to prevent illegal access to sensitive back-end services.

Dino Esposito

MSDN Magazine September 2008

Secure Habits: 8 Simple Rules For Developing More Secure Code


Never trust data, model threats against your code, and other good advice from a security expert.

Michael Howard

MSDN Magazine November 2006

Looking for a simple Service and Console Client REST sample implementing BASIC authentication


Does anyone know of a C# code sample demonstrating WCF REST services and console test client with OperationContracts (GET and POST) implementing mutiple paramaters using BASIC authentication? Also, perhaps, using Fiddler as a test client as well? I have searched high and low for something like this, but have not had any success.

How to create simple web service in VS2010, NOT WCF service

How to create simple web service in VS2010 Professional (trial version). There is no template to do this.  I am not trying to create WCF service here.

How to Programatically SetCredentials for Secure Store Service Application in Sharepoint 2010 using

I have to setup Credentials for Secure Store Service application programatically. To get Stored Credentials I have following code and its working fine. using (SPSite site = new SPSite("http://vtlssp2010Dev")) //using (SPSite site = new SPSite("http://" + System.Environment.MachineName + "/sites/Site_Name"))d { Console.WriteLine(site.RootWeb.CurrentUser.Name); SPServiceContext context = SPServiceContext.GetContext(site); prov.Context = context; try { SecureStoreCredentialCollection cc = prov.GetCredentials(appID); foreach (SecureStoreCredential c in cc) { IntPtr ptr = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(c.Credential); string sDecrypString = System.Runtime.InteropServices.Marshal.PtrToStringUni(ptr); Console.WriteLine(sDecrypString); } } catch (Exception ex) { Console.WriteLine("Unable to get credentials for application " + appID); Console.WriteLine(ex.Message); } Console.ReadLine(); } } All I want is to programmatically do set credentials like explained in this example on msdn. http://msdn.microsoft.com/en-us/library/ff798456.aspx Please help. Shamshad Ali  

Secure Service Store and custom web application.

 Hello All,  I have a problem for which I would like to use the Secure Service Store.  I've searched for similar solutions involving the SSS but I've not had any success yet.  Maybe I'm missing something obvious or going about it the wrong way.   We have an external application (actually, a number of external applications) we'd like to embed in our SharePoint site using an iframe or the Page Viewer web part.  The embedded application uses a custom forms based authentication scheme and I want to prevent the situation where a user has to log into our application then log into the embedded application.  Is there anything available the help post the credentials from SSS to the custom application?  The only think I can think to do is write some code that mimics a post to the login page of the embedded app and, if needed, write a stripped down or simpler login page for the embedded app to make that easier.  For my immediate task I have quite a bit of control over the source of both application and could write custom code on both sides if I had to, but I'd rather have a solution that only involve configuration or, at most, custom code on the SharePoint side.  Thanks,  Brandon 

Sharepoint Search and Secure Store Service not working

Hi There I am having issues with a few Sharepoint Services When I try to search for a document on any SharePoint site, I recieve an "Internal Server Error Exception". However when I checked the log files, I couldn't find any error messages matching with the given correlation ID. The search was working 2-3 weeks ago. Also 2 weeks ago, I started receiving warnings in the Health Analyzer saying “The Security token service is not available”. I am wondering if the security token service breaking down is related to the search issues, and if so what suggestions I could try to fix this issue. I am also unable to access the secure store service. In Central Administration->Application Management->Manage Service Applications, I try to click on the Secure Store Service, but there is no Proxy attached to the service, and I receive a message “No Secure Store Service Application Proxy ID was found”. When I check the Logfile, I receive these errors: 08/10/2010 11:11:32.94               w3wp.exe (0x18E4)                                      0x0ADC SharePoint Foundation     &nb

How to get all Secure Store Service (SSS) applications in the farm

Hello everyone, I am trying to use SharePoint 2010 Secure Store Service (next SSS) in my application to get credentials to external system. Is there any way to get all possible applications (IDs) from API provided. Currently I am using next code to get all applications: SecureStoreProvider provider = SecureStoreProviderFactory.Create() as SecureStoreProvider;             provider.Context = SPServiceContext.GetContext(SPServiceApplicationProxyGroup.Default, SPSiteSubscriptionIdentifier.Default);             if (provider != null)             {                 foreach (var app in provider.GetTargetApplications())                 {                     Console.WriteLine(app.Name);                 }             } However it depends on SPServiceApplicationProxyGroup.Default and SPSiteSubscriptionIdentifier.Default parameters. So in case I remove SSS from

Create a new target application - Secure Store Service administration issues

Hi,I am trying to create new target application, when I go to Secure Store Service in Centra admin I have:Cannot complete this action as the Secure Store Shared Service is not responding. Please contact your administrator.I have used this few days ago and avarything else is working fine on the server, and I have applications created with it running fine.Any help is appreciated.cheersValko

Issues with secure token service

Recently, I converted my sharepoint site from classic authentication to claims based, using ldap.  I finally got the Ldap connection to work, but my secure token service is not working. When I try to log in, I just get taken to an error page. I know the LDAP is working because when I search for users under "add users," people show up under my forms auth.  In central administration, it says the Security Token Service is not available. The explanation states that it is not issuing tokens and could be malfunctioning or in a bad state. When I look at my event logs, I get two errors. The first one says, "Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc. TCP error code 10061: No connection could be made because the target machine actively refused it" The other entry, which is only a warning, is a lot more helpful. The source is ASP.NET 2.0.50727.0 and the task category is web event. Here are the contents:
<script> function Toggle(node) { if (!window.fullyLoaded) return; // Expand the branch? if (node.nextSibling.style.display == 'none') { // Change the sign from "+" to "-". var tBodyNode = node.childNodes[0]; var trNode = tBodyNode.childNodes[0]; var tdNode = trNode.childNodes[0]; var bNode = tdNode.childNodes[0]; var textNode = bNode.childNodes[0]; i

How to configure secure communication between web client in DMZ and WCF-service in domain



I have a question regarding security in this scenario:

In the DMZ I have an server hosting my Web application. I'm using HTTPS between the user/browser and my web application (using certificate).

My web application is supposed to communicate with a service behind the firewall (inside the domain) hosted in IIS 7.
I'm using wsHttpBinding between my web application and the WCF-service.If I have this security configuration everything works fine:

<binding name="WSHttpBinding_ServiceLong" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:20:30" <br/>

How to secure a web service consumed with AJAX


When a web service is consumed from server side, the web service may be implemented in a way to check credentials of the caller. In the case of calling the web service from javascript, how to secure the service since no credentials can be passed into a javascript function becuase of the visibility in source view? 

Unable to set up a new Secure Store Service Application in a single-server installation


Problem: after initial SharePoint installation, I tried to add the Secure Store Service Application under "Manager Services Applications".  The process screen returns something like "The time job created.  But failed to start in one or more servers in the farm."  Further investigation found that in the SQL Server, the secure service account was not added under the Login user accounts.  The Secure_Store_Service_DB has been created, but not under the name of secure store service account.  In another word, the database was created but the action seems to be incomplete.

Background: this is a single server farm installation on Windows Server 2008 R2, SQL Server 2008 R2, with AD CS and AD DS, DNS roles enabled on the same box.  The configuration task was running with the farm admin account which is also a domain admin, and has dbcreator, securityadmin, and sysadmin roles in the SQL server.


Not able to manage Secure Store Service in sharepoint 2010


I created a new instance of Secure Service Store and then when I click Manage system gives the following error message:

Cannot complete this action as the Secure Store Shared Service is not responding. Please contact your administrator.

I read somewhere to ensure the service is started.  when I check under server services I see it is started.  but when I stop it and restart it again it gives an error that Object Already Exists.  I found the only way to start it is to delete Application service I created.  But with this I'm not able to complete my settings for perfomance point services which requires secure store services to configure the unattended account.

Any help is greatly appreciated.


Building simple Service bus using WCF 4.0



We have a requirement to build a service bus for a .NET 4.0 based application. We have been exploring several options including Windows 2008 AppFabric, WCF Routing Services, and Managed Services Engine. Here is our understanding:

1.  Win AppFaric provides features such as HostingWF and WCF applications in IIS, Monitoring Features, and Caching Features.


Secure transfer of files in a wcf Service.?help and ideas needed..!!!


hey wcf guys...!! hi all

hmmm.To start with I have developed a wcf application...where files are uploaded and th wcf service also supports resume functionality as well...That is done and now remains SECURITY!!.Fine i want the files to be uploaded in a secure manner..so that no one else on the channel can access it..I mean i requrire security,,obviously..for it(application) to go live..


Now ,i actually dont know how could i implement it??..should i attach a certificate??how do i do that?? Using BasicHttpBinding in the application .Have no idea as to how will i implement security..so could any kind person please give me a clear idea an d help me go through this..??

anyway..thanks in advance..waiting for some good ideas and responses...



Mumtaz Surani

secure storage service


I have to create two sharepoint2010 sites which will have different set of credentials for a user(same user have different credential in these sites).

I want to use Secure store Service(SSS)-SharePoint 2010 and i have done some RnD on this.

i know how to configure SSS and create a "target application" but dont know what to after this.

Can any guide me on this-   i will appreciate step-by-step solution

Thanks and Regards Ritesh anand
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend