Basicbinding ServiceSecurityContext Null - wcf

I have a service that uses wsHttpBinding security mode="Message" message clientCredentialType="Windows" negotiateServiceCredential="false" establishSecurityContext="false" .
When a client calls the service, on the service side I can use ServiceSecurityContext context = OperationContext.Current.ServiceSecurityContext; in order to get the callers credentials.
However, now I need a Java client to call this service. Apparently, wsHttpBinding does not interop easily w/Java (I thought that was the whole point of services). So I need to change the binding to basicHttpBinding to get the interop, but now OperationContext.Current.ServiceSecurityContext returns null.
I have tried mutliple combinations from posts I have seen, but all the post are slightly different and did not work for me.
I am hoping that someone smarter than I can resolve this once and for all.
Here are the requirements:
1.)Basicbinding needs to be used.
2.)OperationContext.Current.ServiceSecurityContext needs to be populated automatically and retrieved on server side like it is with wsHttpBinding.
Here are the basic bindings I used among others..
<basicHttpBinding>
<binding name="CustomBasicBinding"
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
Is it possible?
Thanks in advance

Related

WCF SoapUI WsHttpBinding

I am hoping someone can help me with this. I am trying to use SoapUI to invoke a WCF service with WsHttpBinding. The service requires that I pass the client certificate. How can I pass this in Soap UI? I can easily create a client and invoke the service but I would like to be able to do this in SoapUI.
Is this possible and if yes, it would be greatly appreciated to get the instructions.
You might want to check for few things.
1) Set negotiateServiceCredential="false"
<wsHttpBinding>
<binding name="wsHttpSecure">
<security mode="Message">
<message clientCredentialType="UserName" negotiateServiceCredential="false"
establishSecurityContext="false" algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
2) Also make sure in SOAP UI you check mark "Add default WSA To"
Check this link
http://ddkonline.blogspot.com.br/2012/10/wcf-45-host-unreachable-when-calling.html
3) For passing client certificate check following link
http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html
I hope that helps.

Accessing ServiceSecurityContext.Current.PrimaryIdentity.Name from within a WCF service

I'm very new to WCF, but I've searched this topic pretty thoroughly and haven't come up with a satisfactory answer, so here goes my question:
While within my WCF service, I need to access the user's username. From everything I've read, I should be able to get that from ServiceSecurityContext.Current.PrimaryIdentity.Name. However, instead of returning Domain\Username as I had hoped, it always returns NT AUTHORITY\NETWORK SERVICE . How can I get the actual Domain and Username of the individual that is logged in to the machine accessing my service?
Thanks.
Have you looked at the ServiceSecurityContext Class?
Represents the security context of a remote party. On the client,
represents the service identity and, on the service, represents the
client identity.
e.g.
ServiceSecurityContext.Current.WindowsIdentity.Name
...ensuring that you have your service set up to authenticate via Windows security.
To Use Windows credentials , set the clientCredentialType to "Windows". use wsHttpBinding, or netTcpBinding if its within LAN
<bindings>
<netTcpBinding>
<binding name="WindowsCredentials">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>

UsernameToken and SSL in WCF 4 web service

I am creating a web service that will be consumed by a single client in another part of the world. I don't have any knowledge or control over the technology they are using but have been asked to
"use SSL to encrypt the message during transport and use UsernameToken
for client authentication"
I'm planning to use WCF4 to create the service and know generally how to set this all up. However I'm struggling to find the correct configuration for bindings etc. Google gives me lots of results around WSE 3.0 but I'm pretty sure (please correct me if I'm wrong) that I shouldn't be using WSE for a WCF service.
This article initially seems to suggest I should be using a custom binding but then also says I should "consider using the WCF system-defined bindings with appropriate security settings instead of creating a custom binding". However I can't see any examples of what this should be.
I would be grateful if anyone can point me in the right direction.
tl;dr: What are the WCF4 config settings to support SSL and UsernameToken?
Take a look at the WsHttpBinding. You can use a security mode of TransportWithMessageCredential to use SSL and a message credential of UserName. If you are hosting in IIS set up SSL there.
You can set up the binding in config as follows.
<bindings>
<wsHttpBinding>
<binding name="secureBinding">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
You can then use this binding config as follows
<services>
<service name="ServiceName">
<endpoint address="" binding="wsHttpBinding" contract="ContractType" bindingConfiguration="secureBinding" />
</service>
</services>
Both these elements are children of the system.serviceModel element in config.

wcf Binding configuration and security

I'm reading a book on Wcf. I always get confused when there is topic on binding configuration. Eg. In one chapter for securing service in internet environment, author used the following code in the config file.
<bindings>
<wsHttpBinding>
<binding name="ProductsServiceWSHttpBindingConfig">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None"/>
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
Everything works fine as described in the book. But I don't see any description in book, why TransportWithMessageCredential is used in place of Transport. Similarly why the <transport ... is None and <message ... is not None. Is there any matrix (or any other way to figure out) about which options to use with which binding (and in which environment)? My hunch is that certain options will go with certain binding. Thanks in advance.
Yep, here's a few:
http://msdn.microsoft.com/en-us/library/ms730879.aspx
http://mkdot.net/blogs/dejan/archive/2008/03/31/wcf-binding-decision.aspx
http://architectopia.blogspot.com/2008/01/wcf-binding-decision-chart.html
I know this question is already been answered however heres are some thoughts for those who are looking for quick answer.
TransportWithMessageCredential is basically saying that the transmission is over https (secure) and the username and password will be in security header.
"Client authentication is performed by putting the client credential directly in the message. This allows you to use any credential type that is supported by the message security mode for the client authentication while keeping the performance benefit of transport security mode."
http://msdn.microsoft.com/en-us/library/aa354508.aspx

Anonymous clients connecting to WCF

This article from Microsoft details how to implement transport security with an anonymous client.
http://msdn.microsoft.com/en-us/library/ms729789.aspx
I'd like to know if it is possible to achieve the same goal, using netTcpBinding instead of WsHttpBinding and hosting the service as a Windows Service.
Yes, I don't see any reason why this wouldn't work over netTcp Binding. By default, netTcp is using transport level security already, but also Windows credentials. Just turn those off, and you should be good to go.
<bindings>
<netTcpBinding>
<binding name="SecureNetTcp">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</netTcpBinding>
</bindings>
I've never done it, but can't you just set the Client Authentication to None?