Architecture. WCF+SHAREPOINT services - wcf

I have separate layer with WCF services.
And I have sharepoint website.
The aim to allow login for mobile devices to WCF layer and in the same time to sharepoint web site.
Sharepoint will be used like secured database.
I need somehow to check user when he will login to WCF layer and the hard part to authenticate him in SharePoint website.
I need any help because I really don’t know a lot about this topic. Will appreciate any answers

Your WCF service will not connect to the web pages of the SharePoint site, it will connect SharePoint's web services.
Mobile devices are limited in the authentication they support. Windows authentication may not be supported. So basichttpbinding using basic authentication over SSL is probably the best option. Send the username and password as part of the call, then you can use this username and password in the web service call to the SharePoint web services.

Related

Can you Windows Auth to Basic Auth?

I'm developing a blazor web application that will use windows authentication. The web application requires data from another web service. Basic authentication is required on the web service. The web application and web service are in the same domain using the same domain for authentication. Is there a way to take the windows auth credential that the web application will possess and convert it to the basic auth required by the web service?
I am aware that the windows auth credential does not contain the password and basic auth needs a password. I cannot change the authentication scheme of the web service. I cannot spin up a new instance of the web service with a different authentication mechanism. I can't use basic authentication for the web application. The web service requires that the web application connects with it using the logged in users credentials for logging purposes ie. can't just use a service account to connect to the web service. I am open to using a different authentication mechanism for the web application with comparable security to windows auth if it will work, SSO preferred.
I believe this is technically infeasible but would welcome any evidence to the contrary.

Securing an internal WCF service

I need to find out what's the best way of securing a WCF web service I'm writing. The service will be hosted internally and will perform checks against Active Directory and a third party database.
The service will be called by a public-facing webpage on a different server (a sign up page) and nothing else will be able to access it (due to firewall rules). The web page will NOT require credentials to access it.
The service will take a username and another field and check to see if they're an existing AD user. If they are, it will check to see if they have a personal (non-work) email address in the third-party database. If not, it will ask them to specify one.
Website <-> Service <-> AD/Database.
If these firewall rules are in place, do I need to go about securing the service?
These codeplex application scenarios might help you configure what you're trying to achieve:
Internet – Web to Remote WCF Using Transport Security (Trusted Subsystem)
Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)
This guide is well put together defiantly something to look into it covers all situations including yours.
http://wcfsecurityguide.codeplex.com/releases/view/15892

Secure connection between Windows 8 App and WCF rest service

I've got a WCF service hosted on Windows Azure and a Windows 8 app that currently consumes data from the rest based WCF service.
The service is hosted at abc.cloudapp.net and although currently anybody can access it, I'd like to limit access to users of my app only.
I can't ask users to enter a username and password and I also can't store encryption data in the app as I can't be sure that my Windows 8 App will be obfuscated.
SSL seems to be the only way to go - however the setup of the SSL certificate requires a CSR which I don't believe can be applied to a service hosted on azure.
I'm looking for a step by step guide to securing communication between the app and the service as well as preventing unauthorised access.
Thanks!
REST service works with the HTTP standards. SSL is default mechanism to ensure data transfer with security. Authentication is an implementation question.
Two links to help you with development:
SSL on Azure
REST based authentication
Regards.

Accessing a WCF Service secured by ACS from javascript

I am looking to create a WCF (possibly WebApi) web service that sits on top of some of our existing code. Eventually this service will be used by external clients but we are going to start using it with our own mobile app.
As some clients will want to use Gmail and ADFS authentication it seems to make sense to use Azure ACS (this is where our webservices are hosted). However we won't need multiple providers for a while and we will start by using a custom STS that authenticates users against our existing authentication logic.
We already have a rough prototype of the above working using a MVC web application acting as the client.
My problem is how do I integrate this with a mobile application? It looks as if the mobile app will be written using AppCelerator which means I need to authenticate using javascript. We only want users to authenticate to our custom STS so would I need to use Active Authentication? I.e.
Ask user to enter username and password
Directly authenticate with custom STS and retrieve token
Pass STS token to ACS and retrieve ACS token
Pass ACS token to wcf service for each request.
I guess my questions are: am I on the right track and if so how would I achieve this in javascript?
If you want to support mobile devices, it is recommended to provide a web based login interface in your STS. In most cases, a mobile device will navigate to your STS’s sign in page in a web browser. After your STS authenticates the user, it sends claims to ACS. ACS in turn uses JavaScript notification to notify the host application.
You can refer to http://msdn.microsoft.com/en-us/WAZPlatformTrainingCourse_ACSAndWindowsPhone7 for a tutorial about working with ACS in Windows Phone. Similar process can be used for other mobile devices.
Hope this helps.
I think it is possible to issue SAML over Https request. As a starting point Id suggest to look at Thinktecture IdentityServer sources by Dominick Baier. This will help to understand different strategies and how you can use em(there are some goodies for WebApi on Github also):
http://identityserver.codeplex.com/

Sharepoint double authentication wcf

Environment :
Sharepoint Foundation hosted at http://subdomain.mydomain.com
WCF service hosted at http://anothersubdomain.mydomain.com
When I go to my sharepoint site, I'm being asked for my windows credentials. This is normal, I enter them and I can access the site.
Now, if I navigate to my WCF service, I have to enter my windows credentials again to have access to the service.
Is this something that can be fixed so I have some kind of a "single sign-on" between my 2 sites?
Thanks,
Alex
As you are already using Windows Authentication, I would highly recommend you use Kerberos. You would eliminate the need to enter credentials in either location.