WCFSecurityGuide Forum Rss Feed

New Post: Why Federation and Claims Authorization are out of scope?

EmreAydinceren — Wed, 14 Sep 2011 15:48:48 GMT

I don't understand why Federation and Claims Authorization are left out of scope? They are important parts of Microsoft's Enterprise Web Service security strategy.

New Post: Using Winfows authentication for TcpTrasnport, CustomBinding, CustomEncoder

maheshbhide — Mon, 12 Jul 2010 17:39:12 GMT

I am trying to find an example/information where WCF uses TcpTransport, Custom Binding, Custom encoder (gzip) and Windows Authentication. Any example or information is very much appreaciated.

Thanks

New Post: webHttpBinding?

slavoingilizov — Mon, 01 Feb 2010 16:12:37 GMT

mtc900 wrote:
Is there no guidance on using the new webHttpBinding? In particular I am trying to offer basic username/password authentication against a custom user database while hosted in IIS but am unable to find a workable solution.

Second that. Still no info about this?

New Post: Windows freezes

Callum76 — Mon, 01 Feb 2010 09:21:14 GMT

I all,
I have a problem on my Windows Vista that began afetr the purchase of an external Hard Disk Freecom.
A few days afetr the purchase I disconnected it while it was writing and, since that moment, every time I connect and disconnect it, the PC go to freeze mode for 5 minutes.
The same thing happen even if the hard disk is disconnected: every time I start windows it go to freeze a little after the password, and every time I connect and disconnect a usb device.
I have looked for the solution everywhere, updated windows, unistalled and installed the hard disk from the device manager but I solved the problem only when I restored a recent backup.
Yesterday the Hard disk was writing a backup while Vista was installing the updates; at the end of the proceure windows restarted automatically and the problem began again!!!
The Pc go to freeze when it starts, every time I connect or disconnect the hard disk, an usb earphone that has always worked switch on but there is no audio and I don't know how many others usb devices will have problems.
Has anyone an idea to solve this problem before I throw out of the window Vista or the the hard disk?
Thank you

__________________
Never seen gift ideas like these! (geschenkideen sie on german or regalo originales on espanol), album fotografici matrimonio

New Post: How to group WCF operations and expose each group on different endpoints?

akella2k9 — Mon, 05 Oct 2009 05:23:32 GMT

Hi All,

How to group WCF operations and expose the group on different endpoints. For example out of 10 service operations , I would like to expose 5 using BasicHttp and remaining 5 using WsHttp binding.

The idea is to expose one endpoint (BasicHttp) to one client and other endpoint(WsHttp) to another client.

Is it possible in WCF?

Thanks,

Srinivas Akella

New Post: rolePrincipal.Identity.AuthenticationType' threw an exception of type 'System.UnauthorizedAccessException'

psantiago — Sun, 23 Aug 2009 15:41:46 GMT

Hello all - any help would be greatly appreciated.

Thanks -- Peter

I feel I have followed the article http://wcfsecurityguide.codeplex.com/Wiki/View.aspx?title=Ch%2009%20-%20Intranet%20%u2013%20Web%20to%20Remote%20WCF%20Using%20Transport%20Security%20%28Original%20Caller%2c%20TCP%29 to a tee and am still having problems.

I am using Windows Authentication, Application Pools for both Service and Web Application are using a Domain Account. I followed the instructions for
Service Principal Name (SPN), enabled the domain account for trusted for delegation, turned off Anonymous Authentication, etc.

I am using impersonation of the call from the client before I call the proxy - see example belpw.

Any assistance at all would be appreciated. If any additional information is required, please let me know.

Interesting Fact
If I use principalPermissionMode=UseWindowsGroups instead of "UseAspNetRoles" the Service Calls work. Of course I am sure this has something to so with me being logged into server and hitting the web page - It is using my credentials from my windows login.

ERROR MESSAGE WHEN I DEBUG THE WCF SERVICE

In the service when I try and check the Identity of the Caller

IPrincipal principal = Thread.CurrentPrincipal;

string IdentOfCaller = principal.Identity.Name;

bool isAuthenticated = principal.Identity.IsAuthenticated;

// Tried this way too

IIdentity currentIdentity = Thread.CurrentPrincipal.Identity;

RolePrincipal rolePrincipal = new RolePrincipal(currentIdentity);

Thread.CurrentPrincipal = rolePrincipal;

AuthenticationType = 'rolePrincipal.Identity.AuthenticationType' threw an exception of type 'System.UnauthorizedAccessException'

AuthenticationType = '((System.Security.Principal.WindowsIdentity)(ServiceSecurityContext.Current.PrimaryIdentity)).AuthenticationType' threw an exception of type 'System.UnauthorizedAccessException'

AuthenticationType = 'System.ServiceModel.ServiceSecurityContext.Current.WindowsIdentity.AuthenticationType' threw an exception of type 'System.UnauthorizedAccessException'

AuthenticationType 'principal.Identity.AuthenticationType' threw an exception of type 'System.UnauthorizedAccessException' string {System.UnauthorizedAccessException}

While debugging the service, When I try and check the Roles.IsUserInRole(AppRoles.DBCallRole);

System.Configuration.Provider.ProviderException was unhandled by user code

Message="Method is only supported if the user name parameter matches the user name in the current Windows Identity."

Source="System.Web"

StackTrace:

at System.Web.Security.WindowsTokenRoleProvider.GetCurrentWindowsIdentityAndCheckName(String userName)

at System.Web.Security.WindowsTokenRoleProvider.GetCurrentTokenAndCheckName(String userName)

at System.Web.Security.WindowsTokenRoleProvider.IsUserInRole(String username, String roleName)

at System.ServiceModel.Security.RoleProviderPrincipal.IsInRole(String role)

at System.Security.Permissions.PrincipalPermission.Demand()

at System.Security.PermissionSet.DemandNonCAS()

at WCFDALService.ServiceClass.GetOracleDataSetSPXML(DBInfo info) in C:\Projects\DAL\WCFService\WCFService\ServiceClass.cs:line 101

at SyncInvokeGetOracleDataSetSPXML(Object , Object[] , Object[] )

at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)

at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)

InnerException:

O/S - WAS Windows Server 2008 - I realize the document is for hosting via a Windows Service.
Both the WCF Service and Web Application are installed on the same server for now.

Sample Code Call from the Web Application to the Service

using (((WindowsIdentity)HttpContext.Current.User.Identity).Impersonate())

{

objDALWCF.ServiceClassClient client = new objDALWCF.ServiceClassClient();

IList<objDALWCF.ReturnResultsDS> list = client.GetOracleDataSetSPXML(Val1);

ds = list[0].dS;

bool res = list[0].statusResults;

client.Close();

Response.Write("result of call res = " + res);

}

WCF Service Config File

relevant parts

<system.web>

<roleManager enabled="true"

defaultProvider="AspNetWindowsTokenRoleProvider" />

</system.web>

<system.serviceModel>

<serviceAuthorization

principalPermissionMode="UseAspNetRoles"

roleProviderName="AspNetWindowsTokenRoleProvider" />

</behavior>

</serviceBehaviors>

</behaviors>

<transport

clientCredentialType="Windows"

protectionLevel="EncryptAndSign"/>

</security>

</binding>

</netTcpBinding>

</bindings>

</system.serviceModel>

Web Application Config File

Listing parts that I feel are relevant

</authorization>

<system.serviceModel>

</security>

</binding>

</netTcpBinding>

</bindings>

</identity>

</endpoint>

</client>

</system.serviceModel>

New Post: Cannot configure Transport and Message Security

shane2007 — Thu, 06 Aug 2009 14:06:00 GMT

I am trying to get the X509 certificate to work on Windows Vista and SQL Server Membership Provider to work. For some reason every time that I try to invoke the service I get a certificate error. Is there a working example with a valid config for windows and WCF, and a batch file that will install a certificate and get everything working?

New Post: Not able to read endpoints from WCF in a DLL

vinodreddymk — Wed, 29 Jul 2009 06:27:39 GMT

Hai

I've an asp page that invokes a COM interop component which talks to WCF service (Net tcp binding).When I'm calling this component from ASP page I'm able to access the methods of the classes in the COM component.Within these classes i need to call the WCF service method.When I'm doing this I'm getting an error saying could not find endpoints configuration.

Since the component is a dll WCF service endpoint configuration is resided in the app.config file of the component and doesn't attach to the dll, It is not able to find the code related to WCF configuration in the config file (which is not present in the dll). How can I solve this issue ?? Please help me.

Regards,

Vinod.

New Post: Cannot configure Transport and Message Security

davidsp82 — Tue, 07 Apr 2009 21:55:18 GMT

I have a customer who wants me to configure a WCF Service using BOTH Transport and Message Security. It looks as though the WS-Security standard supports it. How do i configure it? It looks like it's not possible, but this Guide says that Both is probably overkill and page 127.

New Post: Accessing a WCF web service behind a SSL accelerator

jfauger — Fri, 16 Jan 2009 10:44:18 GMT

Hello, I'm currently building a WCF application. Between my server and the client i have a hardware SSL Accelerator.
Went I try to use it always got exception: The provided URI scheme 'https' is invalid; expected 'http'.

Anyone have a small implementation sample for this? thank-you in any case

New Post: Federation and Claims Authorization

jtbennett — Fri, 26 Sep 2008 14:50:46 GMT

+1. Would love to have guidance on implementing claims and federation for services. But please, please either have a consistent story for WCF and Zermatt or present the pros/cons and appropriate scenarios for each approach. Thanks for the great work!

New Post: Federation and Claims Authorization

jtbennett — Fri, 26 Sep 2008 14:50:46 GMT

New Post: Will this be available in print?

rboucher — Wed, 24 Sep 2008 21:13:13 GMT

Thanks for the comments. We are monitoring this thread to determine demand for a print book so keep them coming.

New Post: webHttpBinding?

mtc900 — Tue, 23 Sep 2008 19:43:50 GMT

Is there no guidance on using the new webHttpBinding? In particular I am trying to offer basic username/password authentication against a custom user database while hosted in IIS but am unable to find a workable solution.

New Post: Federation and Claims Authorization

rboucher — Fri, 12 Sep 2008 15:29:50 GMT

Hi Brian,
Right now, we don't have any plans to cover federation and claims, but that's for the next 3 to 4 months. That could change of course. They are huge topics and could be a book all by themselves so if we cover them, they might be split out from this guide. Nothing is set in stone.

We do understand that this is something that people would like to see covered. Others feel free to comment this post if you'd like to see us cover federation and claims in a later update.

New Post: Will this be available in print?

orlandocoder — Mon, 08 Sep 2008 20:50:52 GMT

This book is full of great information. I too would like to take it with me in a plane, train or automobile and also hate staring squinty eyed at a computer screen trying to read anything more than a paragraph or two. I'd definitely order in print!

New Post: Will this be available in print?

basilard99 — Mon, 25 Aug 2008 01:08:51 GMT

I would like to see it in print, primarily because I can take it with me wherever I go. Seriously, I can read it on a plane, in a car, on a train, etc. I can mark it up, scribble on it, etc. I know I can do all that as well if I print it out, but, I've printed out long articles, small books, etc. I find that looseleaf printing (such as a home-office, or small business office can provide) leaves a lot to be desired vs a real book. To be honest, I'm old, and I just like books better.

2 options you may consider that may obviate the discussion and cost.

1) Many small press publishers are taking advantage of on-demand printing (see www.lulu.com). I believe that they'll pass the printing charges on to me.
2) Include a copyright release (or whatever its called), so I can take the PDF to my local Kinko's (or whatever) and let them print it. Your copyright information specifically states this document cannot be reproduced, so most reputable print shops won't touch it with a 10' pole.

Thanks for the great work regardless,
Chris Snyder

New Post: Federation and Claims Authorization

brianb316 — Thu, 14 Aug 2008 18:30:35 GMT

Will Federation and Claims authorization eventually be covered in the WCF Security Guide?

New Post: Will this be available in print?

rboucher — Tue, 12 Aug 2008 00:57:48 GMT

Hi Tadanderson,
There are currently no plans to put it into print. Perhaps stating the obvious, but the PDF is free and can be printed out double sided for a reference. It's includes the page numbers that match the numbers adobe assigns in the PDF. We also will be putting this on MSDN, though in an altered format.

But....

It's just a matter of demand. It costs us money to put it into print and will cost you money to buy the book, of course.

Anyone who wants this item to be in print, please post to this thread to let us know. It would also help to know what needs the other formats (HTML, MSDN, PDF) are not meeting. Tell us why print is better for you.

Rob Boucher

New Post: Will this be available in print?

tadanderson — Wed, 06 Aug 2008 20:04:38 GMT

Will this be available in print?
http://www.amazon.com/s/qid=1218052944/ref=sr_st?rs=1000&page=1&rh=i%3Astripbooks%2Cp_27%3AMicrosoft+Corporation&sort=daterank