Questions tagged [wcf-security]

Questions related to the authentication and authorization services for Windows Communication Foundation (WCF) applications

Windows Communication Foundation is Microsoft's implementation of the WS-* web service specifications. Its security functionality mainly deals with authentication, authorization and secure over-the-wire transmission of user credentials.

When setting up WCF Security for an application, the following parameters need to be configured:

  • The type of credential required, e.g. NTLM, plaintext, or certificate authentication
  • The security mode: transport mode (e.g. SSL), message mode (SOAP message security), or a combination of both
  • Which endpoint(s) are protected

Once a client successfully connects to an endpoint protected with WCF Security, the server application can examine the security context to determine the identity of the client and to determine its authorizations (which need to be configured separately).

1285 questions
120 votes, 2 answers

What is the difference between a WCF Service Application and a WCF Service Library?

I am developing a WCF web service and I used the WCF Service Application template to do that. Does creating a "WCF Service Application" fulfill this requirement? What are the advantages of creating a WCF Service Library over a WCF Service…
Ashish Ashu
99 votes, 22 answers

WCF Error "This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case"

I'm having a problem using a WCF call from a Windows service to my WCF service running on my web server. This call has been working for a number of weeks, but then stopped working all of a sudden, and has not worked since. The exception I'm getting…
Sam Schutte
62 votes, 3 answers

Correct way to communicate WSSE Usernametoken for SOAP webservice

I am attempting to consume a web service through its corresponding wsdl. This service is dependent upon authentication conforming to Web Services Security Basic Security Profile 1.0 including that the correct xmls namespace of…
Chris Marisic
51 votes, 4 answers

WCF Transport vs Message

I was reading about WCF security implementations and found out that there are 2 types of security: Transport Mode and Message Mode (or both). If I used HTTPS for Transport Mode, is it more secure if I used Message security also? I am asking this…
scatman
50 votes, 1 answer

Is it possible to call Dynamics CRM 2011 late-bound WCF Organization service without the SDK - straight customized binding?

I'm trying to implement a pure WCF scenario where I want to call Dynamics CRM WCF service without relying on the SDK helper classes. Basically, I would like to implement federated authentication against Dynamics CRM 2011 using only native WCF…
Maxime Labelle
47 votes, 3 answers

Using Fiddler to sniff Visual Studio 2013 requests (proxy firewall)

I am having issues with Visual Studio 2013 and our corporate proxy (signin does not work, updates do not work, Visual Studio gallery does not work, nuget and git fail). All of these are doing http or https requests. (e.g.…
Dr.YSG
46 votes, 1 answer

IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier

What might the reason be that I get the exception below when trying to validate a token? TokenValidationParameters validationParameters = new TokenValidationParameters(); validationParameters.ValidIssuers = new List() {…
Robert
42 votes, 2 answers

What are the differences between security mode="Transport" and security mode="TransportCredentialOnly"

What are the differences between security mode="Transport" and security mode="TransportCredentialOnly" when I use it with BasicHttpBinding and set up SSL in IIS 7.0?
Ybbest
35 votes, 7 answers

'MANAGE PRIVATE KEYS' option missing

I'm developing a WCF service with Transport Security hosted on IIS 7.5 under Windows 2008R2. I have a certificate, generated in IIS 7.5, which is stored in Local folder. When I use BasicHttpBinding or WSHttpBinding with Transport Security - everything…
Alex
31 votes, 1 answer

WCFTestClient - how can I add username and pass?

I'm using the WCFTestClient to debug a service. This normally works like a charm. This particular service is using SSL and I need to pass the user name and password. I can right click and edit the config file, but I do not see a place where I can…
Hcabnettek
28 votes, 9 answers

The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate').

The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this…
Harsha
24 votes, 3 answers

WCF Security - A list of what I don't understand

I'm going around in circles with regards to WCF and security, so I'm listing some questions here in order to gain a clear picture. I'm interested in getting a better explanation of Transport vs Message level security. I think I have a service…
Owen
24 votes, 2 answers

Using a shared cache in a Web farm environment for detecting replay attacks in WCF

I'm trying to figure out how to implement a replay attack detection mechanism with WCF in a web farm scenario. WCF provides such detection mechanism by using a nonce cache. Correct me if I'm wrong, but the only way to ensure to prevent this attack…
Javi
24 votes, 2 answers

Mutual SSL authentication with WCF: no CertificateRequest and CertificateVerify in handshake phase

I'm working on a WCF service that is to be consumed by a client that is not developed by me and also it's not .NET (possibly Java). In any case, the service should support mutual SSL authentication, where both the service and the client authenticate…
Marcel N.
23 votes, 2 answers

xmlHttp.getResponseHeader + Not working for CORS

I have an ASP.NET WCF on .NET 4. This service is used to authenticate users. We are submitting a username and password and then an HTTP Header should be returned with the authentication cookie included. Using a locally hosted test page this is…
user2039547