I have a 3-tier application where server is Windows service and client connects to it using WCF. I need to provide some integration with 3-d party application. For this I plan to implement separate integration service and host it with WCF. But one of most important requirements is to use SSL v.3.0 CipherSuite - SSL_RSA_WITH_AES_128_CBC_SHA to secure connection between server and 3-d party application.
My question is: how to configure my WCF service to enable SSL v.3.0 CipherSuite - SSL_RSA_WITH_AES_128_CBC_SHA?
Related
We currently use a Weblogic client to talk to a WCF web service which is setup with a security mode of TranportWithMessageCredential. This allows us to authenticate over HTTPS using username/password sent as part of the HTTP bindings.
We're now trying to do the reverse -- WCF client talking to a Weblogic 12c web service, with the same authentication scheme. I think we have the client under control.
But how does one set up a Weblogic server is this fashion?
I have the following scenario:
A stateless service with a self-hosted OWIN WebApi. This provides a RESTful client-facing api.
A stateful service, again with a self-hosted OWIN WebApi.
After locating the correct stateful service partition, the stateless service calls into stateful service to access state. It does so via HTTP/HTTPS into the WebApi.
This configuration works fine running on the local cluster and an Azure cluster over HTTP. I'm running into problems though with HTTPS.
Using a self-signed cert I'm able to use HTTPS between the client and the stateless front-end service. However, I can't seem to get the configuration quite right to allow the stateless service to communicate with the stateful service over HTTPS.
I get an exception when the stateless service makes the request to the stateful service. "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel." That has an inner exception of "The remote certificate is invalid according to the validation procedure".
I'm a bit fuzzy on security on service fabric, but have read through several articles, SO posts, blogs, etc. on the subject.
Here are my questions:
At a high level, what is the proper way to secure interservice communication in my scenario?
Is a self-sign cert supported in this scenario?
Are the two services in the same cluster? If so, why not just call the stateful service from the stateless one using ServiceProxy?
You can use a self-signed certificate - the error you're seeing is not specific to Service Fabric. There are several ways to bypass it (although obviously it's not recommended to do that in production). Take a look at this SO question: C# Ignore certificate errors?
The WCF service is hosted on IIS 7.0. The WCF client is a Windows service running under the Local System Account. Both the service and the client are hosted in the intranet. The binding I am using is the netTcpBinding with Transport security. Message security cannot be used because of Streaming. Certificates cannot be used because of deployment considerations. What are my options to ensure the best possible security in this scenario?
Scenario
WCF service on our public DNN website using a WsHttpBinding over SSL.
security mode is TransportWithMessageCredential
Requires Username and password authentication
One WCF client consuming the service on our Intranet
I understand the basic idea of point-to-point security using SSL, but my question is - can I still have point-to-point security if my client app (on our Intranet) is connecting to a WCF service on our public website over SSL? Does this service being on the Internet open it up for "man in the middle" attacks considering the communication is going over the Internet? Am I not fully understanding man in the middle attacks?
I should note, the app on our Intranet is the only client that will be using this service or at least, this isn't something that I'm going to allow (give out other username/passwords) anyone else to consume or use.
Thanks
I have a silverlight 4 application which needs to consumes some services hosted on a Java (I think CXF) Web Service.
For some reasons, I can't access directly the service so I have to go through a relay service.
I created a WCF relay service.
The service uses SOAP 1.2 and WS addressing 1.0
What I ask is.. what level of security can I reach?
The ideal situation is to use a mutual authentication of the server (CXF) and my client.
If Silverlight does not support this, the second possibility is to have a "simple" https connection between my silverlight client and my relay server, but then, is it possible to "add" a mutual authentication between the relay and CXF? Or the only possible solution is to have a simple SSL connection with only the server authentication?