What is meant by the term " intermediate application" in this sentence : Use transport security when you are sending a message directly from your application to a WCF service and the message will not be routed through intermediate systems.
Related
Is it possible a service to call client after 4 -5 days when client is offline? e.g.
1. The client request some reports through service.
2. Service updates database with client request.
3. Offline work is done on the request
4. Report is uploaded to the database.
Can we service call its client and send report as soon as report is uploaded to database?
Can WCF duplex service be used to call client when client is offline?
Yes. WCF can be configured to use MSMQ as a transport. MSMQ is the only WCF transport that allows for all three:
disconnected scenarios
resume when computer becomes online and
optionally provide a level of guaranteed delivery
MSDN:
If you need to support disconnected queuing, use netMsmqBinding. Queuing is provided by using Microsoft Message Queuing (MSMQ) as a transport, which enables support for disconnected operations, failure isolation, and load leveling. more...
Essentially you invoke a WCF method (send a MSMQ message) and it will be delivered when the computer comes on-line again. Assuming you have set the appropriate expiration options.
Here is WCF binding and security question I'm quite confused:
You are hosting a Windows Communication Foundation (WCF) service at
http://www.contoso.com for a law enforcement agency. The agency adds
operations to support sending biometric fingerprint data via
non-buffered streaming. The service data is routed between
intermediaries. The WCF binding you are using by default does not
support encryption. You need to ensure that the fingerprint data is
not disclosed when passed over the network. What should you do?
A. Use basicHttpBinding with message security to https:// www.contoso.com
B. Use basicHttpBinding with transport security to https:// www.contoso.com
C. Use wsHttpBinding with message security to https:// www.contoso.com
D. Use wsHttpBinding with transport security to http:// www.contoso.com
Answer is B. But I think here it says "The service data is routed between intermediaries", so message security should be favour over transport security. Well, it did say "The WCF binding you are using by default does not support encryption", but the options here do offer using wsHttpBinding, so I think both A and C will do. Can anyone tell what I'm wrong there?
This sentence in the question is the key:
The WCF binding you are using by default does not support encryption
So that means the question is implying you are using basicHttpBinding, since wsHttpBinding has WS*-Security enabled by default. You can actually inspect the calls via Fiddler. The messages are signed and encrypted using a security token by default - for the gory details - this explains the SPNEGO token that is cached on the service.
So that eliminates C, D because of the sentence I highlighted earlier.
That leaves A and B. I don't agree with B as MSDN itself states that Transport security only secures messages with the communication is point to point. If the message is routed to one or more SOAP intermediaries before reaching the ultimate receiver, the message itself is not protected once an intermediary reads it from the wire.
The question also clearly says:
The service data is routed between intermediaries
Therefore, I beleive the correct answer is A, some WCF experts on SO may correct me.
I am developing a generic logging object which will be used within all of our future applications. It will submit a log to MSMQ, which will then asynchronously send it off to our server that will log that message to a database.
Currently I am trying to understand the architecture of how this will work. On the client side, once a log is submitted to MSMQ, will MSMQ then submit the log to WCF to send off to the server (which I assume will have another WCF endpoint receiving the messages)? Basically, I am asking what is the order of services that the log will travel through? I have read about netMsmqBinding for WCF, is this what I will need in order to send a log from MSMQ to WCF, and then I can use a basicHttpBinding to send it from WCF to WCF on the server side?
Something like:
[Client application] -> Logger -> MSMQ -> WCF ----------> [Server] WCF -> DB
WCF has netMsmqBinding that can handle both client and server messaging. If you use it MSMQ will be almost invisible to you. You will send message to WCF service, it will be put to MSMQ and server-side WCF will pick it and invoke method like with any other binding.
If you have any experience in creating WCF service you should do the same but also create MSMQ Queue.
Here are useful links: http://sukasom.wordpress.com/2008/08/18/wcf-and-msmq-part-1/, http://msdn.microsoft.com/en-us/library/ms752217.aspx
I'm building a WCF Service that uses Custom Username/Password validation on netTcpBinding with message level security. I've been researching MaxReceivedMessageSize settings and I've got a query of a rather technical nature. I've noticed that when you specify a custom username validator that it gets called deep inside the plumbing of WCF (during handshaking I suppose).
If I have a relatively large MaxReceivedMessageSize of 1MB, will WCF read the entire message off the line and then do authentication, or will it first do the authentication and somehow discard the rest of the message?
The reason for my query is DoS attacks. I am hoping that due to the authentication the service would be immune to large message DoS attacks.
I believe that full message is loaded. The message is first processed by transport channel which doesn't have any information about message security. So the channel reads the whole message with using selected encoder and creates Message instance. This instance is passed to futher processing including message security checking. The only exception is when you use Streamed transfer mode. In that case only message headers are read in receiving channel and placed to buffer.
To prove this you can also turn message logging which is able to log messages on transport level and at service level. Transport level is message received from transport, service level is message received at service (after all security processing). So the message is already read at transport level.
I'm building some routing functionality between services. The original service and the service that does the routing have an identical configuration; both are using netTcpBinding with the following binding configuration:
netTcpBinding
security mode="Message"
message clientCredentialType="UserName"
The service behavior uses a AspNet Membership Provider and a client certificate we've installed on the machine.
When I switch off the message security it relays just fine but when it's switched on I get the following exception:
"The message could not be processed. This is most likely because the action 'http://foo/Whatever' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings*. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding." (Emphasis mine)
My thinking is that the certificate is operating on the message twice (once on the original call and then on the relay) and this is what corrupts the message's security token.
Questions:
Is my thinking on target?
Is there a way to continue to use message security for routing without having the complexity of a token service?
You mentioned switching between no security and message security. Are you making sure to change both the WCF service endpoints as well as the endpoint on the receiving end? If not, and the two do not match up, you will receive an error. That's what that error seems to be saying to me.
For Question 2, what type of environment are you running in? A closed system where you could use encrypt and sign, or a public environment, where you might need to be using a special key?