wsHttpBinding Message Security - wcf

I have a wsHttpBinding like this:
<wsHttpBinding>
  <binding name="binding1">
    <security mode="Message">
      <message clientCredentialType="Windows" negotiateServiceCredential="true" />
    </security>
  </binding>
</wsHttpBinding>
If only NTLM is available:
Does this mean WCF will send the client's credential through the SOAP message?
Is this configuration compatible with WS-Security?
Thanks

Both your questions are answered with a YES. Please read http://www.codeproject.com/KB/WCF/HttpBinding.aspx for details:
As WsHttpBinding supports WS-*, it has WS-Security enabled by default. So the data is not sent in plain text.

Related

WCF streaming with windows authentication

I'm using this binding:
<basicHttpBinding>
  <binding name="abc_Windows" maxReceivedMessageSize="2147483647" messageEncoding="Mtom" transferMode="Streamed">
    <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
      <message clientCredentialType="UserName" algorithmSuite="Default" />
    </security>
  </binding>
</basicHttpBinding>
I'm getting this error when calling it:
HTTP request streaming cannot be used in conjunction with HTTP authentication.
Either disable request streaming or specify anonymous HTTP authentication.
Parameter name: bindingElement
I'm using Windows authentication and need large files to be uploaded and downloaded via this service. What changes should I make to avoid this error? Does any other binding work with streaming and Windows mode authentication?
Kindly help.

WCF Message body encryption with SSL

I am new to WCF. I am investigating the right way to have message body encryption over HTTPS (mixing both transport and message level security at the moment).
I have HttpsGetEnabled.
Using WsHttpBinding, I still see the message body unencrypted:
<wsHttpBinding>
  <binding name="myCustomWsHttpBinding">
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="None"/>
      <message clientCredentialType="Certificate" />
    </security>
  </binding>
</wsHttpBinding>
I have also tried using a custom binding, but with the same result:
<binding name="myCustomBinding">
  <security authenticationMode="CertificateOverTransport"
            messageProtectionOrder="EncryptBeforeSign"
            includeTimestamp="true"
            protectTokens="true">
  </security>
  <textMessageEncoding messageVersion="Soap11WSAddressing10" />
  <httpsTransport/>
</binding>
How can we have the message body encrypted when using HTTPS? If I understand correctly, message-level security is independent of transport, so using HTTPS is possible in this case?

In the custom binding, set authenticationMode to "mutualCertificate".

WCF wsHttpBinding in SoapUI

I am trying to add a WCF service with wsHttpBinding to soapUI.
I am using message security and it works with the test client, but SoapUI returns:
An error occurred when verifying security for the message
Here is the service configuration:
<wsHttpBinding>
  <binding name="wsHttpSecure">
    <security mode="Message">
      <message clientCredentialType="UserName" negotiateServiceCredential="true"
               establishSecurityContext="false" algorithmSuite="Default" />
    </security>
  </binding>
</wsHttpBinding>
Here http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html is a document, but they say I need a .jks file. I only have the encoded public key value generated by SvcUtil in the test client configuration file.

After a lot of research I found a solution on a blog.
You need to check the WS-A:To checkbox, located on the WS-A options tab.
After doing that, my problem was solved.
This is the blog containing the solution. Thanks David!!

This setting is not interoperable with soapUI:
negotiateServiceCredential="true"
Change it to false.

Client app.config created transport security even though it wasn't specified in service app.config

I have a binding configuration for wsHttpBinding defined as:
<wsHttpBinding>
  <binding name="CustomAuthentication">
    <security mode="Message">
      <!-- Change to Message-->
      <message clientCredentialType="UserName"/>
      <!-- Change to UserName -->
    </security>
  </binding>
</wsHttpBinding>
When I generate my proxy code using svcutil and look at the app.config it generates for the client, I see this in the security section:
<security mode="Message">
  <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
  <message clientCredentialType="UserName"
           negotiateServiceCredential="true"
           algorithmSuite="Default" />
</security>
I did not specify transport security in my service config, so why did it create a transport node with clientCredentialType="Windows"? Is this by design and does it matter? I watched a video by Michele Leroux Bustamante and she said that you can't use Transport and Message, it will ignore one of them, so it doesn't matter if you specify both. I just want to know why it created it in the client app.config.

The reason is probably the same that svcutil and VS create huge config files for most services: They generate bindings/config with default settings, tweak them, and then serialize them into the config files, which means you get fairly extensive, verbose config files out of them because they include values (default or otherwise) for all properties in those configuration objects.

WCF - Transport Security w/ message level encryption

Is it possible to use both Transport security (HTTPS, authentication with a Client cert) in addition to message-level encryption via configuration in WCF? Is this done with wsHttpBinding out-of-the-box?
I am attempting to accomplish this with a custom binding, but am unable to tell if the requests are being encrypted at the message level because they appear as plain text in the trace logs.
I've done quite a bit of research but can't seem to find any solid answers. Any help is appreciated!

Yes, it's possible to have both as described in this MSDN article. The article is pretty thorough & detailed but the crux of enabling this functionality is this setting:
<!-- snipped -->
<wsHttpBinding>
  <binding name="wsHttp">
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Certificate"/>
      <message clientCredentialType="Certificate"
               negotiateServiceCredential="true" />
    </security>
  </binding>
</wsHttpBinding>
<!-- snipped -->
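
One way to check a captured SOAP message for message-level encryption, which both the "message body unencrypted" question above and this thread ask about. This is an added Python example, not code from any of the posts; the sample envelopes, the `urn:example` operation and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from the SOAP 1.1/1.2, WS-Security 1.0, XML-Enc and XML-DSig specs.
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",
           "http://www.w3.org/2003/05/soap-envelope")
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"


def message_protection(envelope_xml):
    """Report the WS-Security protections visible in one captured SOAP envelope."""
    # Parse only captures you trust; use a hardened parser for untrusted XML.
    root = ET.fromstring(envelope_xml)
    soap = next((ns for ns in SOAP_NS if root.tag == "{%s}Envelope" % ns), None)
    if soap is None:
        raise ValueError("not a SOAP 1.1/1.2 envelope")
    header = root.find("{%s}Header" % soap)
    body = root.find("{%s}Body" % soap)
    sec = header.find("{%s}Security" % WSSE) if header is not None else None
    parts = list(body) if body is not None else []
    return {
        "ws_security_header": sec is not None,
        "signature_visible": sec is not None and sec.find("{%s}Signature" % DSIG) is not None,
        # Message-level confidentiality: the Body holds only xenc:EncryptedData.
        "body_encrypted": bool(parts) and all(
            p.tag == "{%s}EncryptedData" % XENC for p in parts),
    }


def envelope(security_children, body):
    """Build a constructed SOAP 1.2 envelope (sample data, not a real capture)."""
    return ('<s:Envelope xmlns:s="%s" xmlns:o="%s" xmlns:e="%s" xmlns:d="%s">'
            '<s:Header><o:Security>%s</o:Security></s:Header>'
            '<s:Body>%s</s:Body></s:Envelope>'
            % (SOAP_NS[1], WSSE, XENC, DSIG, security_children, body))

# Constructed: security header present, body readable once TLS is removed.
CLEAR_BODY = envelope("<d:Signature/>",
                      '<GetData xmlns="urn:example"><value>42</value></GetData>')
# Constructed: body replaced by EncryptedData, key carried in the header.
ENCRYPTED_BODY = envelope(
    "<e:EncryptedKey/><d:Signature/>",
    "<e:EncryptedData><e:CipherData><e:CipherValue>Y29uc3RydWN0ZWQ="
    "</e:CipherValue></e:CipherData></e:EncryptedData>")

if __name__ == "__main__":
    print(message_protection(CLEAR_BODY), message_protection(ENCRYPTED_BODY))
```

WCF message logging at the service level records secured messages decrypted, so feed this check entries logged at the transport level instead.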