Cleartext content routing header in WCF with netTcp and Transport security - wcf

The traffic flow for my application is 1) .Net client to 2) F5 BigIP load balancer VIP to 3) .Net WCF service node. The WCF service is using the netTcp binding with the security mode set to Transport and a Transport protectionLevel of EncryptAndSign. I need to provide the load balancer with a value it can use to route the request to a specific WCF service node. The value is dependent on the user making the request and obviously it has to be cleartext for the load balancer to read it. Is such a thing - wrapping an encrypted netTcp transport payload with a cleartext header value - possible in stock WCF? If not, is there something custom I could write to do it?

Related

Is there a config setting for tracing WCF calls?

I have a simple WCF web service that contains two endpoint connections:
soap
rest
I want to have the ability to save the client request and my server response on each session as original xml/json.
How to do it?

WCF Through HTTPS -> Proxy -> HTTP

We have a solution that consists of a WCF webservice on one side and a smart client on the other side.
Typically, we set up HTTPS on the webserver for the webservice so that communication between client and server happens over HTTPS.
One of our customers however has a proxy server in between that strips incoming HTTPS requests of their SSL payload and forwards a plain HTTP request to the webserver:
Client > HTTPS > Proxy > HTTP > Webserver
The problem is that we are using WsHttpBinding to allow us to communicate with WCF over SSL. Typically we use that binding both on client and server and there's no issue.
But since the webservice actually receives an HTTP request, we cannot use WsHttpBinding (requires HTTPS). But we MUST use HTTPS from the client.
But of course, WCF requires the bindings between client and server to match. So we're a bit stuck and I can't find a good way to solve this issue:
We cannot set the client up to use HTTP for security reasons
We can set the service to accept HTTP requests, BUT the client won't be able to communicate with it.
Is there a certain setup that could cover this requirement?
Use the WCF binding converter to get a custom binding from your wsHttpBinding. Then, in the custom binding, change the https element to the http element.

WCF with tcp.net binding testing with JMeter

I have a problem: in JMeter I can set up server / port, but my application is hosted on IIS 7.5 and the WCF service is an "Application" under a specific web site. So the service endpoint is
http://localhost:8002/Some.Aplication/Some.Application.svc
The WCF application also supports the tcp.net binding and I should use it (tcp.net).
How can I set up JMeter to send a specific packet over TCP to this endpoint?
Thanks.
You need to use TCP Sampler, and probably write a custom TCPClient class for it for easier handling of custom reads/writes.

SSL and WCF Transport Security

I have an IIS-hosted WCF service which is configured to use basicHttpBinding with transport security.
I have configured IIS with a certificate and I'm using an https endpoint to call the service.
Now, I have enabled message logging on the service at transport level - however, the messages I'm seeing are in clear text. Is this right? If so, why? Is there a way to see the encrypted messages?
Thank you in advance,
Fabio
This is correct behavior. The transport layer handles its decryption before it passes the message to an upper-layer API like WCF, so WCF always gets the message decrypted and it can't intercept the process - transport security is outside of WCF. An encrypted message on the transport layer is logged only if you use message security, because in such a case the transport layer just passes the message as is to WCF to deal with it.
Use Fiddler and don't enable SSL decryption in the options. It will allow you to inspect the message traffic as it is on the wire.
Also, worth reading is Debugging Localhost Traffic with Fiddler, a common gotcha for those new to Fiddler. Then check out the info page on HTTPS decryption, if you're interested in using that feature later.

Can't get WCF to use both http and https for an operation

I have a simple POX operation using webHttpBinding and am specifying a security mode of transport to enable HTTPS. Once I do this though, I can no longer send http traffic to it. I'd like the option of both. How can I enable https while also keeping http?
You will have to create a service with two WebHttpBinding endpoints. One endpoint will use HTTP (binding without transport security) and the second endpoint will use HTTPS (binding with transport security). You will also have to configure your IIS to support both HTTP and HTTPS (assign certificate).
The question is whether this is reasonable. If you really think that your service has to provide secure transport because of confidential data, then providing an unsecured endpoint at the same time doesn't seem like a good solution.
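
Added example (not part of the original answer): a web.config sketch of the two-endpoint setup described above, with the cleartext binding next to the transport-secured one so the difference is visible. The service, contract, binding and behavior names are hypothetical placeholders, and the service is assumed to be IIS-hosted with both an http and an https site binding.

```xml
<!-- Added illustration; Example.PoxService, Example.IPoxService, poxHttp,
     poxHttps and poxBehavior are hypothetical names, not from the page. -->
<system.serviceModel>
  <bindings>
    <webHttpBinding>
      <!-- Cleartext endpoint: no transport security, traffic is readable on the wire. -->
      <binding name="poxHttp">
        <security mode="None" />
      </binding>
      <!-- HTTPS endpoint: TLS is handled by the transport (IIS certificate). -->
      <binding name="poxHttps">
        <security mode="Transport" />
      </binding>
    </webHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="poxBehavior">
        <webHttp />
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <services>
    <service name="Example.PoxService">
      <!-- Same relative address and contract; the scheme of the request
           selects which binding configuration applies. -->
      <endpoint address=""
                binding="webHttpBinding"
                bindingConfiguration="poxHttp"
                behaviorConfiguration="poxBehavior"
                contract="Example.IPoxService" />
      <endpoint address=""
                binding="webHttpBinding"
                bindingConfiguration="poxHttps"
                behaviorConfiguration="poxBehavior"
                contract="Example.IPoxService" />
    </service>
  </services>
</system.serviceModel>
```

If the operations carry confidential data, removing the `poxHttp` endpoint and its binding leaves only the HTTPS endpoint, which matches the concern raised in the answer.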