I am a newbie to WCF so trying to figure out how to implement 2way ssl certficate authentication for WCF service i need to host. The consumer of the service would provide us with there certificate and we are supposed to provide them with ours.
The part i don't understand and would appreciate help is how to do we go about it in the way of either
1. articles pointing out the steps
or
2. Code samples.
Thanks.
The following web pages provide a fairly comprehensive overview of a Windows Communication Foundation (WCF) service and client secured using mutual certificate authentication. The code and configuration in the articles were helpful when our team first tackled WCF services with mutual x509 certificate authentication.
http://msdn.microsoft.com/en-us/library/ms733102(v=vs.110).aspx
http://www.codeproject.com/Articles/348595/Use-Mutual-SSL-Authentication-in-WCF
Regards,
Related
I have a monotouch application that currently calls a hosted WCF service in IIS using ssl and basic authentication. I need to move this wcf service to Azure and am confused on the best security practice. I've read to use ACS, but I can't find any examples of using that setup with monotouch and am not sure it will work. Does anyone have any examples or suggestions with calling a WCF service from monotouch securely in azure?
Thanks, Ben
I am not familiar with MonoTouch. But as far as the service side is concerned, you can continue to use SSL and basic authentication. Note by default IIS basic authentication require Windows credential. Since it works locally, I think you’ve already implemented a custom basic authentication module. Another area to note is it needs additional steps to support SSL in Windows Azure. You can refer to http://msdn.microsoft.com/en-us/gg271302 for a tutorial. ACS is usually used if you want to support claim based authorization.
Best Regards,
Ming Xu.
Team,
I have a WCF service. I would like to know how to implement 2-way SSL authentication for the Service.
Thanks
Have a read of this it talks about using preshared certs to do SSL for WCF http://msdn.microsoft.com/en-us/library/ms731925.aspx
What I am looking for is a set of article that can help me understand the basics, so I can be sure of what I am doing.
Methods regarding secure authentification are the most welcome.
Thanks.
see this article about Securing WCF Services with Authentication Service.
also this one on Certificate based Authentication.
take a look at Programming WCF Security in msdn library
How to implement Two way mutual broker Authentication at transport level? I need a suitable example with certificates created by makecert.exe.
Check this article. It should guide you step by step. The only thing I don't like in this article is that it uses Web Site. Web site is probably the worst choice for hosting WCF service in IIS. I would choose WCF Service application. There are additional resources at the end which will point you to articles about creating and installing temporary certificates.
I'm looking into creating a WCF service that will connect to our Product Management system to provide/update product licensing information. It will be a self hosting service wrapped up in an NT service and I'm looking at ways to mutually authenticate both the service and the client. Clients will be desktop applications running on the same machine as the service so I'm thought netTCP binding with Transport security would be sufficient but having looked at the documentation I think I can only achieve Windows credential security which probably isn't going to be good enough for me. Principally I'm trying to prevent spoof applications invoking operations on our service and also trying to prevent spoof services masquerading as our own.
Can anyone give me any suggestions? I'm a little concerned that I might have to look into certificates :S
Cheers,
Chris.
You can use certificates (service / client) to do mutual authN.
See http://msdn.microsoft.com/en-us/library/ms733102.aspx