Here is my question, I have a solution with 4 projects in it for a WCF Service :
DLL Library : Service Interface.
DLL Library : Service Code.
Form Application : Service hosting application.
Form Application : Service client application.
I'd like to have certain properties of the service accessible for the hosting application but not for the client one. If I declare a property in the client interface they will both have access to it.
In fact, my service manage user identity login and keep a list of all user currently logged in. I'd like to be able to show this list in the Hosting application, like a debugging tool. But I don't want the service client to be able to access to this list.
How can I do ?
Thank in advance.
You can put put that code into "2" (service code). Since you only share an interface with the client it will not be exposed.
Also, if that logic (authentication and authorization) is "hosting app" specific maybe it should be in the hosting app itself rather than a service code.
Related
I am trying to add a asmx web service to one windows forms app by following way ->
Right click- > add service reference.
But it seems the service is added under connected service folders only. not under service reference . Is this an expected behavior?
or are we supposed to use web reference instead of service reference for windows forms application?
To answer this question you need to know the difference between Webservice and WCF web service and you'll find that
Here.
Anyway, I'ts a noraml behavior, let's form that in another words, the Service reference will let you communicate with a WCF-based services whatever those services are, but with the web reference, you can only communicate with web services under some conditions.
I would use service reference always because it gives more options including those in web service, and it's the new-easy way.
Can someone please explain to my how the flow is when i have a Silverlight Application that uses WCF Ria and Entity framework. So I better understand where to secure the transport of information.
I think of it as, the user enter the website and the silverlight application is downloaded to the users computer. Then if the user what to create a new entry, he enter the details, and then a new instance of the service is create. The service is on the web project with the silverlight application. Then the information is sent to the webservice on the web project, and from the webservice the information is sent to the server where the DAL is.
All the information is sent in XML.
And i have to secure it from the user to the web service, and from the webservice to the server where the DAL is.
Am I right, or is it completely wrong?
Thanks
The best way I founded to cypher data between client and server with WCF was setting the EnableClientAccess to require a secure endpoint in the DomainService:
[EnableClientAccess(RequiresSecureEndpoint = true)]
public partial class DomainService : LinqToEntitiesDomainService<YourEntities>
I have a one question about WCF web service security.Currently, we are developing one android mobile project and using wcf web service for data transfer and manipulation.
We use basicHttpBinding and hosted the web service as Window Service.
We don't have any security mode at the moment and I am afraid of every one can consume our web service if they know the service address.
For example, we have one service method and that will return string value. Currently, I can add that service to other visual studio project and mobile project and we can consume any time.
//WCF Service Method
public string DoWork()
{
return "This is return string!";
}
//We can consume it like below from other dot net project by adding service reference.
//Actually, those are not real client.
ServiceReference1.WebServiceClient serv = new TestingPrj.ServiceReference1.WebServiceClient();
string result = serv.DoWork();
My question is how can I secure my web service for real clients? I don't want other projects and people to consume our web services.
The simplest method is to use Basic Authentication over SSL. Basic Authentication requires the client to have a username/password pair, which only your application will know. If the authentication is purely to know if your client is the right one (rather than knowing which user is connecting), then you can use a single, hard-coded username/password.
SSL should be used as well so the credentials don't travel the wire in plain-text and can potentially be sniffed.
Using ssl certificates is the most secure way.
My server side contains WCF4 REST services and I'm going to add RIA services for my future SL4 application. Currently I'm doing Basic authentication like this:
var auth = HttpContext.Current.Request.Headers.GetValues("Authorization");
And so on.. You get the idea.. I call this on every request. If header not present or I can't validate UN/Password - I do this:
outgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"Secure Area\"");
That got me by so far but I'm refactoring my server side. Implementing IoC for linked services. Created custom ServiceHost, ServiceHostFactory, InstanceProvider and all is well.
Now I need to figure how to properly handle authentication and authorization with WCF so I don't have to manually inspect headers. I do have my custom MembershipProvider so there have to be some method that get's UN/PW to process.
Any pointers? I looked at http://www.codeproject.com/KB/WCF/BasicAuthWCFRest.aspx but it uses RequestInterceptor and it is not available in WCF4. I found ServiceAuthenticationManager and ServiceAuthorizationManager but there is no samples available on how to code and wire those..
Can anybody suggest which way I should go?
Try to use this custom HTTP module. It will add new authentication mode to IIS and it will allow you using custom credentials validation.
I had all types of issues using the built-in annotations for WCF in a recent SOAP/C# project. I know this isn't the best solution, but for my purposes, I enabled basic authentication in IIS7 for my application, disabled anonymous authentication and created Active Directory users for the external clients that would call the web service endpoints. I then changed the application's permissions in IIS7 (it uses file system permissions) to allow a group containing those users.
This moves authentication outside your application, which may not be what you want, but does allow you to easily add users via the IIS7 console and deployment tools that can copy those permissions. The advantage is that you don't have to redeploy your application for permission changes. The disadvantage is you can't do fine grained permission control per function.
I've got an MVC web application that is used as an interface to a Console based app that exposes a bunch of ServiceHost/s using the net.pipe protocol.
I would like to use the asp.net membership/role/profile provider to manage my users and their roles and profile information (Inside the Console Application). I've done this in quite a few apps, but normally I reference these providers directly from the web application itself.
This is a good walk-through on doing pretty much what I would like, except I don't want to host the WCF service endpoints in IIS, but inside my console app - which will eventually become a windows service. When I try and host the ServiceHost through my console application I get the following error:
This service requires ASP.NET compatibility and must be hosted in IIS.
Either host the service in IIS with ASP.NET compatibility turned on in
web.config or set the
AspNetCompatibilityRequirementsAttribute.AspNetCompatibilityRequirementsMode
property to a value other than Required.
Now it seems that I won't be able to set that property to anything other than Required.
I've tried another route which is using the wrapper class/interface defined here for my authentication service, which I managed to get wired into in my MVC app without too much trouble, but this doesn't cover my Authorisation (using roles) or profile needs.
Has anyone got a solution to this, I can't be the only one trying to do this? I'm not