wcf-security

问题 Following are binding configurations of my WCF service. Anonymous access: off Basic authentication: on Integrated Windows authentication: off !! support HTTP protocol . I am getting an following exception while accessing my WCF service: Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service. <system.serviceModel> <bindings> <basicHttpBinding> <binding name="MyBinding"> <security mode="TransportCredentialOnly"

问题 I want to authenticate users of a WCF service against custom Membership and Role Providers but I don't want to have to secure the traffic between with a certificate. Is it possible to use basicHttpBinding, passing custom credentials without a certificate? I ask because I have a WCF service with all of the membership provider plumbing etc wired in via config and hosted under IIS, but the user details are not being passed through to IIS. I have a WAN where the network is secure so I'm not

问题 I am setting an existing WCF service to meet some client requirements. One of the demands is to use a UserNameToken authentication on a service with WS-Addressing disabled and the policy generated on the WSDL in 'SupportingTokens' format, as below. <wsp:Policy wsu:Id="wss_username_token_service_policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity

问题 I am reading about WCF Transport Security and I get a plethora of doubts in my mind because I have less network knowledge. They say, Transport security is good to use only when there is direct communication between client and server. There should be no intermediaries. First of all I want to know, what are these intermediaries ? According to me, they are the routers sitting in between, which relay the messages to next hop, and are not complete computer systems, on which somebody can sit and

问题 I need to access web services of one of our partners. Their services are secured with both a Client Certificate and Basic Authentication. I'm using WCF with BasicHttpBinding. I am able to hook up the cert using Transport level security. I know the cert is working because I'm no longer getting a 403 error, but I am getting a 401 because I can't pass the credentials along with the transport. From what I can see, I can only have one type of transport security scheme. How can I achieve this?

问题 If you look at this MSDN documentation there is a sample with the following code: // Define a change interceptor for the Products entity set. [ChangeInterceptor("Products")] public void OnChangeProducts(Product product, UpdateOperations operations) { if (operations == UpdateOperations.Add || operations == UpdateOperations.Change) { // Reject changes to discontinued products. if (product.Discontinued) //<-- IS THIS BASED ON UNVERIFIED CLIENT DATA??? { throw new DataServiceException(400, "A

问题 I have a WCF self-hosted service with net.tcp binding. I need it to be nonsecured with reliable session. When I configure it to nonsecure all calls to closed service (close, crash, process kill - any reason) lead to timeout exceptions (hang for a minute and timeout). When default (mode = Transport) - I get CommunicationObjectFaultedException at the same moment, seems like infrastructure automatically determines connection break. How can I get immediate CommunicationObjectFaultedException with

问题 I have developed a client software for ms dynamics 2011 using WCF channel and organization service. After creating the channel I put it into dictionary Dictionary<string, OrganizationServiceProxy> and after 8 hours waiting was over, the security token was not valid any more. Now I call serviceProxy.Authenticate() method (serviceProxy is an object retrieved from my collection) and nothing happens. My token has not been renewed and I can not use my channel to retrieve data from dynamics. As I

问题 I'm doing some testing with WCF and we currently have the following Server setup (simplified config): <netTcpBinding> <binding name="netTcp" ... > <security mode="Transport"> <transport clientCredentialType="None"/> </security> </binding> </netTcpBinding> ... <serviceBehaviors> <behavior name="defaultServiceBehavior"> <serviceCredentials> <serviceCertificate findValue="OurCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/> </serviceCredentials> </behaviour> <

问题 I'm working in a big project that makes extensive use of WCF for different kinds of communication. As a part of a new requirement, we need to communicate with a SOAP Web Service developed by a third party. Their service is developed with Java and has two security requirements: it needs BASIC authentication over transport and the message has to be signed (not encrypted) with a X509 certificate using the WS-Security (OASIS) standard for non-repudiation. The problem I have is that the bindings