patterns & practices: WCF Security Guidance

New Comment on "How To - Use SQL Role Provider with Username Authentication in WCF calling from Windows Forms"

PaulMouchet — Mon, 04 Mar 2013 17:30:25 GMT

I know this has been around for while, but this is one of the best documents I've seen on how to implement SQL role provider through a WCF service. My question is, the last comment of Step 9 doesn't make sense (to me). There is no mention in Step 6 about installing a Root Authority certificate. Perhaps somebody can explain this better?

Source code checked in, #69631

Project Collection Service Accounts — Mon, 01 Oct 2012 21:13:48 GMT

Upgrade: New Version of LabDefaultTemplate.xaml. To upgrade your build definitions, please visit the following link: http://go.microsoft.com/fwlink/?LinkId=254563

Source code checked in, #69630

Project Collection Service Accounts — Mon, 01 Oct 2012 21:07:03 GMT

Checked in by server upgrade

New Comment on "Internet – WCF and ASMX Client to Remote WCF Using Transport Security (HTTP)"

kritlop — Mon, 23 Jul 2012 05:22:44 GMT

When using a custom http module as described in the above example be sure to set your app pool on IIS to classic mode. See http://msdn.microsoft.com/en-us/library/ms227673.aspx for more info

New Comment on "Video Index"

forsandesh — Fri, 09 Mar 2012 19:32:47 GMT

test

New Comment on "Video Index"

forsandesh — Fri, 09 Mar 2012 19:32:37 GMT

very cursory to say the least!!

New Comment on "How To - Use Certificate Authentication and Message Security in WCF calling from Windows Forms"

sedatiko — Thu, 01 Mar 2012 22:00:21 GMT

How do you call this service from a non .net client???

New Comment on "Questions and Answers"

GBK — Mon, 10 Oct 2011 05:24:59 GMT

how authenticate in webHttpBinding using custom username & password?

New Comment on "Video Index"

Haddicus — Tue, 22 Mar 2011 16:48:54 GMT

Truly not enough in depth information about best practices of WCF Security. Had to go elsewhere for WCF Security information.

Reviewed: Hello World (Mar 22, 2011)

Haddicus — Tue, 22 Mar 2011 16:48:32 GMT

Rated 1 Stars (out of 5) - Truly not enough in depth information about best practices of WCF Security. Had to go elsewhere for WCF Security information.

New Comment on "If your clients are deployed within intranet then choose transport security"

alhambraeidos — Tue, 08 Feb 2011 12:25:42 GMT

I try connect to WebService PHP (in Apache Server in intranet) using WCF and CustomBinding. Code sample for configure security programaticaly ?

Created Issue: WCF vs. Windows Identity Framework [7759]

johnwsaundersiii — Thu, 30 Dec 2010 20:43:31 GMT

There is no coverage here of Windows Identity Framework. http://msdn.microsoft.com/en-us/library/ff359113.aspx and http://technet.microsoft.com/en-us/library/adfs2-identity-delegation-step-by-step-guide(WS.10).aspx have some information, but it would be good for this guide to cover WIF scenarios.

Reviewed: Hello World (Dec 30, 2010)

JohnWSaundersIII — Thu, 30 Dec 2010 20:42:02 GMT

Rated 3 Stars (out of 5) - There is no coverage here of Windows Identity Framework. http://msdn.microsoft.com/en-us/library/ff359113.aspx and http://technet.microsoft.com/en-us/library/adfs2-identity-delegation-step-by-step-guide(WS.10).aspx have some information.

New Comment on "How To - Create and Install Temporary Certificates in WCF for Message Security During Development"

paul3654 — Wed, 17 Nov 2010 12:27:30 GMT

I must be missing something here, but in step 3 we are creating and installing a temp cert on the server and 4 we are giving permissions to WCF identity process correct? Then we are asked to open a visual studio command prompt to run a makecert and findPrivateKey command, is this assuming that i have visual studio in stalled on the server? Paul

Source code checked in, #48968

_TFSSERVICE — Thu, 22 Jul 2010 18:55:41 GMT

Checked in by server upgrade

New Comment on "How To - Use Certificate Authentication and Message Security in WCF calling from Windows Forms"

jsoler — Tue, 06 Jul 2010 18:33:17 GMT

I have this error The caller was not authenticated by the service. This is configuration in client <client> <endpoint address="http://localhost:49981/AKTWCFService/Service.svc" behaviorConfiguration="NewBehavior" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpoint" contract="ServiceReference1.IService" name="wsHttpEndpoint"> <identity> <dns value="" /> <certificate encodedValue="" /> <certificateReference findValue="" /> </identity> </endpoint> </client> In this line no appear <certificate encodedValue="" />

Created Issue: MVC and WCF [6838]

minhtoan898 — Wed, 09 Jun 2010 04:51:09 GMT

Hi ,

I have some problems around MVC and MFC. I try to intergate WCF into MVC. But I see, MVC included Model,View,Controller and it's ensure about SOA.
And It can do everything WCF do. And I think we don't need to intergate it together.

simple example is, with MVC, We can write a web application into desktop .So, we can move it to Mobile by coding again View on Mobile.
With WCF we can do the same thing.

Please help me about this topic. Thanks.

New Post: Guidance for securing WCF Data & RIA Services

doobiwan — Thu, 13 May 2010 01:28:26 GMT

Hi,

Please can you cover securing Data Services & RIA Services? The things i'm interested in are:

Using Server Side only SSL
Using Client and Server SSL
Plain Username & password
Self Hosting

Thanks

New Comment on "Internet – Windows Forms Client Calling WCF Using Message Security"

vontlin — Mon, 03 May 2010 06:03:30 GMT

how can we make the application name dynamic, i mean if the client to pass the application name in the membership provider

New Post: SecurityNegotiationException: Could not establish secure channel

ufazo — Sun, 07 Feb 2010 07:30:02 GMT

Hi.

I finally was able to call the service.

I'm not sure why, but i have to set the protocol.

using (var client = new EmiServiciosMotorHandlerClient())

{

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

client.ClientCredentials.UserName.UserName = config.CodigoMotopoliza;

client.ClientCredentials.UserName.Password = config.Contraseña;

client.ExecuteMethod();

}

Thanks,

if (client.Endpoint.Address.Uri.Scheme == "https")

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;