wcf-security

问题 I want to be able to authenticate a WCF Rest webservice but I'm not really sure how to go about it. It looks like many of the other questions relate to stuff in .net 3.5 WCF (such as WebServiceHost2) which no longer seems to exist. I am wanting to do message based authentication on the WCF service with custom usernames and passwords. From what I can tell this can be done by the following in regular WCF: <behaviors> <serviceBehaviors> <behavior name="PasswordValidator"> <serviceCredentials>

问题 I need to use SSL and HTTP authentication in my WCF client to connect to a web service. I have wcf client binding configuration as shown below and code to load certificate and pass the user name and password for http authorization. When I tried this, I am receiving an error "The http request is unauthorized with client authentication scheme 'Anonymous'. The authentication from the server was 'Basic realm="ws.dataway.com:443'". The remote server returned an error: (401) Unauthorized. Can

问题 I'm new to WCF and its security so was looking for some help on a problem I'm having. I have a WCF service that to be deployed to every machine in a small domain. The WCF service is to be hosted in a Windows Service since it has methods in it that need to be invoked elevated. The service is very draft at the moment (it exposes meta-data - but I believe this is to be turned off later - is this possible?). It uses the net.tcp binding - The App.Config of the service is shown below: <?xml version

问题 I am using this blog to implement nonce, password text. http://benpowell.org/supporting-the-ws-i-basic-profile-password-digest-in-a-wcf-client-proxy/ I've seen many other blogs with do but i would like to try this out. This is what I have done so far Let me first say, I have no control over the service. I am just the consumer. passwordtextmessaginspector implements IClientMessageInspector which lets us modify the outgoing message. In this case, I would like to add usernametoken to the message

问题 I want to use transport security mode with username/password authentication and ssl, it works fine with windows authentication: <transport clientCredentialType="Windows"/> I found an article on msdn that explain how to do username/password authentication with transport security mode, but custom http module is required. I am interested why there is no default security mode like: <transport clientCredentialType="Username"/> I am fine with message security mode if i need username/password

问题 Firstly, Thanks to all those patient techies trying to help unknown people. Secondly, I have a wcf service which should be consumed by only several clients (10) known to our company. This wcf service has the x509certificate "CN=ABCD". Now it expects to receive a certificate in turn from clients to consume this service. So here are the design questions Should I create one certificate "CN=ABCD" , then right click on it and export as pfx files and distribute them to Clients? Some say to validate

问题 I have an existing working WPF Application in which I have implemented my own custom authentication to a backend WCF service. When I access this service from WPF, setup the ServiceProxy as follows: proxy.ClientCredentials.UserName.UserName = "test"; proxy.ClientCredentials.UserName.Password = "pass"; and because I'm using HTTPS the uid/pwd is secure. In Silverlight 2 there is no .ClientCredentials object on the proxy. The only option I've found is to add two string parameters to EVERY WCF

问题 First of all I apologize for my english... As I wrote in title I need to secure my WCF Service. I always used message security mode using ClientCredentialType="Certificate", checking in this way: <serviceCertificate findValue="cn=abc" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectDistinguishedName"/> <clientCertificate> <authentication certificateValidationMode="PeerTrust"/> </clientCertificate> This configuration worked well, but now I need to assign

问题 WCF does my head in. What I'm trying to do is create a WCF client that will send SOAP messages that contain a username token and are signed with a certificate, but are not encrypted. I've found many articles and blogs with code which almost does what I want, but not quite, and now I'm stumped. Can anyone give me a simple example of how to do this? What I've done so far is: Use svcutil to generate a config file and WCF code from a wsdl and xsd Install certificates and load from the certificate

问题 I am trying to connect to a third party SOAP 1.1 service that requires SSL security and username/password credentials. An example of what is expected is: <soapenv:Header> <wsse:Security> <wsse:UsernameToken> <wsse:Username>username</wsse:Username> <wsse:Password>password</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> My client configuration is as follows: <system.serviceModel> <bindings> <basicHttpBinding> <binding name="thirdpartyservicebindingconfig"> <security