Could anyone please show me how to configure wsHTTPBinding (Security Mode: TransportWithMessage and ClientCredentialtype=username) in azure?
The certificate needs to be self signed.
Related
The WCF service is hosted on IIS 7.0. The WCF client is a Windows service running under the Local System Account. Both the service and the client are hosted in the intranet. The binding I am using is the netTcpBinding with Transport security. Message security cannot be used because of Streaming. Certificates cannot be used because of deployment considerations. What are my options to ensure the best possible security in this scenario?
Scenario
WCF service on our public DNN website using a WsHttpBinding over SSL.
security mode is TransportWithMessageCredential
Requires Username and password authentication
One WCF client consuming the service on our Intranet
I understand the basic idea of point-to-point security using SSL, but my question is - can I still have point-to-point security if my client app (on our Intranet) is connecting to a WCF service on our public website over SSL? Does this service being on the Internet open it up for "man in the middle" attacks considering the communication is going over the Internet? Am I not fully understanding man in the middle attacks?
I should note, the app on our Intranet is the only client that will be using this service or at least, this isn't something that I'm going to allow (give out other username/passwords) anyone else to consume or use.
Thanks
Team,
I have a WCF service. I would like to know how to implement 2-way SSL authentication for the Service.
Thanks
Have a read of this it talks about using preshared certs to do SSL for WCF http://msdn.microsoft.com/en-us/library/ms731925.aspx
Is it possible to configure a WCF service that:
is hosted by IIS
uses the basicHttpBinding binding
does not need an SSL cert
supports sessions (ServiceContract(SessionMode:=ServiceModel.SessionMode.Required))
I know the easiest thing to do would be to buy an SSL cert, but for reasons beyond my control I am being required to match the 4 constraints above.
thanks,
Tom
Tell your boss that basicHttpBinding supports real security only when using with SSL certificate (otherwise all data are passed as a plain text) and it doesn't support WCF sessions out of the box. WCF session is dependent on either:
Transport session (only netTcp or netNamedPipe bindings)
Reliable session (only netTcp, wsHttp or custom bindings)
Security session (only wsHttp or custom bindings and it requires either windows authentication or SSL certificate)
Sessions can be probably added by building your own service behavior and replacing IInstaceContextProvider and perhaps also IInstanceProvider.
I'm creating a simple web service using WCF. The message needs to be encrypted and the user need to be authenticated through an asp.net provider.
What binding should I use for this? WsHttpBinding or WebHttpBinding?
Can anybody point me to a good example using the asp.net provider and self signed certificates with wcf.
Thanks
You say that the message needs to be encrypted, but don't specify whether you have a specific requirement for message-level encryption or if transport encryption might be enough.
If you transport-level encryption is enough, then BasicHttpBinding + SSL would work.
Otherwise, you'd use WSHttpBinding and configure message-level encryption. Of course, the decision might also be tied to the capabilities of any clients you want to consume the service.
You also mention WebHttpBinding, but that's used only for REST-style services. Is your service REST style? If so, then your only option would be SSL and using transport-level authentication, I think.