Can anyone show me how to do Windows Authentication with WCF over http? At a fundamental level, I don't think https is required for Windows Authentication. The s in https encrypts the traffic.
Perhaps this is what you are looking for.
Related
I am connecting to an external SOAP endpoint using Apache CXF. I am going through a proxy server (using credentials) before I hit the https/SSL external endpoint. The team that supports the external web service is saying that they do not see my basic authentication header. I logged the header and payload from my workstation just before it leaves my workstation. I can see both the basic authentication and the proxy authentication headers.
My question is really twofold:
1. At what point is the SSL message from my computer actually encrypted?
2. Is it possible for something in the network to be dropping the Basic authorization header?
3. What additional troubleshooting steps can I take?
I found the issue: my proxy server was dropping any header with the word Basic in it.
Thanks,
Brian
At work we are always having numerous problems with the X.509 certificates that we use for https, and I was wondering whether there is a useful alternative for securing the communication between a server and the browser.
Edit
Could also be that we are using IIS, X.509 and WCF.
Force site to only allow local traffic and use VPN to restrict access to local network. Other than that you will need to use HTTPS to force encryption.
I am hosting a secured WCF service (transport level security) which needs to authenticate users with third-party client certificates. To accept those client certificates, I have bound my IIS7 with a third-party server certificate. Theoretically speaking this should work perfectly, but it does not. It continues to give the error:
The HTTP request was forbidden with client authentication scheme 'Anonymous'.
Does anyone have an idea of how to make this possible in this case?
Check out the WCF Security Guidance on Codeplex - they have tons of How-To's and extensive coverage and step-by-step explanations for all things WCF security related.
The one How-To most interesting to you would probably be:
How To – Use Certificate Authentication and Message Security in WCF
I have a vb.net application running as intranet on Win Server 2003. So should I use HTTPS instead of HTTP?
What is the difference or why should I if the answer is HTTPS? Is there any code in VB to redirect from HTTP to HTTPS?
Thanking you all in advance for your time and consideration.
You should use HTTPS to ensure reasonable protection from eavesdroppers and man-in-the-middle attacks. HTTPS creates a secure channel over the network, provided that adequate cipher suites are used and that the server certificate is verified and trusted.
An intranet is obviously less exposed than the public internet, but you should still use HTTPS if you are transferring sensitive data (such as passwords) from the server to the browsers.
Assuming you are using IIS to serve your website, you may want to check the following articles for further reading:
Microsoft Support - How To Set Up an HTTPS Service in IIS
Forcing HTTPS in IIS 6.0
Configure SSL on Your Website with IIS
Is there a way to set up authentication (à la "Basic Authentication") without actually setting up an SSL Certificate? I'd also like to do this in REST or regular SOAP WCF Services, preferably in REST, but would like to be able to mix the services. In other words, "I want to be able to send a regular old username and password just like in Basic Authentication but without the SSL." Is there a way to do this?
Use TransportCredentialOnly security mode. This post explains how to do it:
http://developers.de/blogs/damir_dobric/archive/2006/07/31/890.aspx.
Don't forget that you also have to enable basic authentication in IIS.
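
The TransportCredentialOnly mode named in the answer above, which also covers the opening question about Windows Authentication over plain HTTP, written out as a `web.config` fragment. This is an added example, not taken from any of the posts or from the linked article. The service and contract names (`Example.OrderService`, `Example.IOrderService`) and the binding names are hypothetical.

```xml
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- SOAP over HTTP, Windows (Negotiate/NTLM) authentication.
           The caller is authenticated; the message body is not encrypted. -->
      <binding name="WindowsOverHttp">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
      <!-- SOAP over HTTP, Basic authentication.
           The Authorization header carries base64(username:password),
           which is an encoding and not encryption, so anything on the
           network path can read the credentials. -->
      <binding name="BasicOverHttp">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Basic" />
        </security>
      </binding>
      <!-- Same Basic credentials, but carried inside HTTPS.
           Requires a server certificate bound to the site. -->
      <binding name="BasicOverHttps">
        <security mode="Transport">
          <transport clientCredentialType="Basic" />
        </security>
      </binding>
    </basicHttpBinding>
    <webHttpBinding>
      <!-- REST endpoint with the same HTTP-only Basic setup. -->
      <binding name="RestBasicOverHttp">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Basic" />
        </security>
      </binding>
    </webHttpBinding>
  </bindings>
  <services>
    <!-- Hypothetical service; select one of the bindings above by name. -->
    <service name="Example.OrderService">
      <endpoint address="" binding="basicHttpBinding"
                bindingConfiguration="BasicOverHttp"
                contract="Example.IOrderService" />
    </service>
  </services>
</system.serviceModel>
```

When the service is hosted in IIS, the authentication method enabled on the site has to match the `clientCredentialType` chosen in the binding.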