Team,
I have a WCF service. I would like to know how to implement 2-way SSL authentication for the Service.
Thanks
Have a read of this it talks about using preshared certs to do SSL for WCF http://msdn.microsoft.com/en-us/library/ms731925.aspx
Related
I am a newbie to WCF so trying to figure out how to implement 2way ssl certficate authentication for WCF service i need to host. The consumer of the service would provide us with there certificate and we are supposed to provide them with ours.
The part i don't understand and would appreciate help is how to do we go about it in the way of either
1. articles pointing out the steps
or
2. Code samples.
Thanks.
The following web pages provide a fairly comprehensive overview of a Windows Communication Foundation (WCF) service and client secured using mutual certificate authentication. The code and configuration in the articles were helpful when our team first tackled WCF services with mutual x509 certificate authentication.
http://msdn.microsoft.com/en-us/library/ms733102(v=vs.110).aspx
http://www.codeproject.com/Articles/348595/Use-Mutual-SSL-Authentication-in-WCF
Regards,
Scenario
WCF service on our public DNN website using a WsHttpBinding over SSL.
security mode is TransportWithMessageCredential
Requires Username and password authentication
One WCF client consuming the service on our Intranet
I understand the basic idea of point-to-point security using SSL, but my question is - can I still have point-to-point security if my client app (on our Intranet) is connecting to a WCF service on our public website over SSL? Does this service being on the Internet open it up for "man in the middle" attacks considering the communication is going over the Internet? Am I not fully understanding man in the middle attacks?
I should note, the app on our Intranet is the only client that will be using this service or at least, this isn't something that I'm going to allow (give out other username/passwords) anyone else to consume or use.
Thanks
I have a silverlight 4 application which needs to consumes some services hosted on a Java (I think CXF) Web Service.
For some reasons, I can't access directly the service so I have to go through a relay service.
I created a WCF relay service.
The service uses SOAP 1.2 and WS addressing 1.0
What I ask is.. what level of security can I reach?
The ideal situation is to use a mutual authentication of the server (CXF) and my client.
If Silverlight does not support this, the second possibility is to have a "simple" https connection between my silverlight client and my relay server, but then, is it possible to "add" a mutual authentication between the relay and CXF? Or the only possible solution is to have a simple SSL connection with only the server authentication?
Is it possible to configure a WCF service that:
is hosted by IIS
uses the basicHttpBinding binding
does not need an SSL cert
supports sessions (ServiceContract(SessionMode:=ServiceModel.SessionMode.Required))
I know the easiest thing to do would be to buy an SSL cert, but for reasons beyond my control I am being required to match the 4 constraints above.
thanks,
Tom
Tell your boss that basicHttpBinding supports real security only when using with SSL certificate (otherwise all data are passed as a plain text) and it doesn't support WCF sessions out of the box. WCF session is dependent on either:
Transport session (only netTcp or netNamedPipe bindings)
Reliable session (only netTcp, wsHttp or custom bindings)
Security session (only wsHttp or custom bindings and it requires either windows authentication or SSL certificate)
Sessions can be probably added by building your own service behavior and replacing IInstaceContextProvider and perhaps also IInstanceProvider.
Could anyone please show me how to configure wsHTTPBinding (Security Mode: TransportWithMessage and ClientCredentialtype=username) in azure?
The certificate needs to be self signed.