The WCF service is hosted on IIS 7.0. The WCF client is a Windows service running under the Local System Account. Both the service and the client are hosted in the intranet. The binding I am using is the netTcpBinding with Transport security. Message security cannot be used because of Streaming. Certificates cannot be used because of deployment considerations. What are my options to ensure the best possible security in this scenario?
Related
Scenario
WCF service on our public DNN website using a WsHttpBinding over SSL.
security mode is TransportWithMessageCredential
Requires Username and password authentication
One WCF client consuming the service on our Intranet
I understand the basic idea of point-to-point security using SSL, but my question is - can I still have point-to-point security if my client app (on our Intranet) is connecting to a WCF service on our public website over SSL? Does this service being on the Internet open it up for "man in the middle" attacks considering the communication is going over the Internet? Am I not fully understanding man in the middle attacks?
I should note, the app on our Intranet is the only client that will be using this service or at least, this isn't something that I'm going to allow (give out other username/passwords) anyone else to consume or use.
Thanks
I have a Silverlight 4 application which needs to consume some services hosted on a Java (I think CXF) Web Service.
For some reasons, I can't access the service directly, so I have to go through a relay service.
I created a WCF relay service.
The service uses SOAP 1.2 and WS addressing 1.0
What I ask is: what level of security can I reach?
The ideal situation is to use a mutual authentication of the server (CXF) and my client.
If Silverlight does not support this, the second possibility is to have a "simple" HTTPS connection between my Silverlight client and my relay server, but then, is it possible to "add" a mutual authentication between the relay and CXF? Or is the only possible solution to have a simple SSL connection with only the server authentication?
I created the service using WCF. As far as I know, I can host it in IIS.
Is it possible to host WCF on all servers (like Apache)?
Please provide the list of servers where I can host the WCF service, and where it is best to host the service.
You can host your WCF services:
in IIS/WAS (preferably IIS 7.x or newer); IIS 5.1 and IIS 6.0 only support HTTP bindings, while IIS 7.x through WAS supports all WCF bindings
or you can self-host in any managed application (NT Service, console app, WPF app - whatever); supports all WCF bindings and gives you the ultimate control over how your services are hosted / available
Those are your options.
Read:
MSDN : Hosting WCF Services - with further links to hosting in IIS, WAS and self-hosting
I have created a WCF service which is hosted on a Windows service over the NetNamedPipeBinding protocol. Now I want to provide security for this service, so that only users with known usernames and passwords can access it. So how do I provide method-level authentication for users to access this service?
NetNamedPipe binding doesn't support message-level security out of the box. That would require a custom binding. NetNamedPipe binding works only when both service and client are running on the same machine, so there is an assumption that if a user has permission to log in and the service is running, she also has permission to call it. If you need to restrict the users who can call the service, you can always use a custom authorization manager or role-based security.
I have created a WCF service which is deployed on my local machine. This service exposes one method which start/stop a windows service on my local machine.
On the remote machine I have created a client that consumes the WCF service. When I try to invoke the method which starts/stops the service exposed from the WCF service, I get an InvalidOperationException. I found that this is a security issue.
Also when I do the same operation (start/stop windows service) on the local machine it works!!
The WCF service is hosted on IIS 7.0 and uses basicHttpBinding. Anonymous access is also checked. I have also added <identity impersonate="true" /> under the web section in the web config file, but still no success.
Please help!!
You set impersonation for ASP.NET. Impersonation in WCF uses its own infrastructure. Moreover, in WCF the client has to allow the service to impersonate his identity. Check this simple example.
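The two halves of the answer above, as an added example that is not part of the original post: a service operation marked for WCF impersonation and a client that permits it. The contract, class names, URL and service name are hypothetical, and it assumes the IIS endpoint is configured with the same binding settings and with Windows authentication enabled instead of anonymous access.

```csharp
// Added example: IServiceControl, ServiceControlService, the URL and the
// service name are hypothetical names, not taken from the original post.
using System;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceProcess;

[ServiceContract]
public interface IServiceControl
{
    [OperationContract]
    string Stop(string serviceName);
}

public class ServiceControlService : IServiceControl
{
    // WCF's own impersonation switch, set per operation. Per the answer, the
    // ASP.NET <identity impersonate="true" /> element does not control it.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string Stop(string serviceName)
    {
        // Runs under the caller's Windows token, so the caller needs rights
        // to control the target service.
        using (var sc = new ServiceController(serviceName))
        {
            sc.Stop();
            sc.WaitForStatus(ServiceControllerStatus.Stopped, TimeSpan.FromSeconds(30));
        }
        return WindowsIdentity.GetCurrent().Name;
    }
}

public static class Client
{
    public static void Main()
    {
        // Impersonation needs a Windows identity; anonymous access carries none.
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        var factory = new ChannelFactory<IServiceControl>(
            binding, new EndpointAddress("http://server.example/ServiceControl.svc"));
        // The client opts in: the default level, Identification, lets the
        // service see who is calling but not act as the caller.
        factory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
        IServiceControl proxy = factory.CreateChannel();
        Console.WriteLine("Operation ran as: " + proxy.Stop("ExampleService"));
        factory.Close();
    }
}
```

TransportCredentialOnly authenticates the caller over plain HTTP with no transport encryption; BasicHttpSecurityMode.Transport carries the same Windows credential over HTTPS.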