wcf-security

It's my first question over the web. Hope it will make sense. I have seen several blogs related to this issue over the Web, and I have tried few of the ideas presented in them with no success. Here's my situation: I have a web App calling a WCF web service which then call a Java web service. They are all on different servers. The call between the WCF web service to the java web service is not over https as the certificate will be enough to identify the caller (Message security therefore). Java web service (black box) The Java web service requires to received a signed message and works as per

I need to create a WCF service that is hosted in IIS, uses http transport and hold state in the server’s memory. While I’m aware that stateful services aren't a good idea, this last constrain is necessary to make the service work with a legacy client. My first thought was to asp.net’s session to store the values. I activated the asp.net compatibility mode in my service, which gave me access to the HttpContext, but values that were placed in the session object were not being persisted in memory. I assume this was because the http module that handles session state was not correctly configured,

Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only BasicHttpBinding-binding? (I can’t use the wsHttpBinding-binding) The site is hosted on IIS 7, with the following authentication set up: - Anonymous access: off - Basic authentication: on - Integrated Windows authentication: off !! Service Config: <services> <service name="NameSpace.SomeService"> <host> <baseAddresses> <add baseAddress="https://hostname/SomeService/" /> </baseAddresses> </host> <!-- Service Endpoints --> <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://hostname

I have a custom MembershipProvider as shown below. It validate user name and password against Active Directory. I would like to make this as an “authentication service”. This should work even if the client uses forms authentication or windows authentication. There is a WCF “HR Service” which is providing employee information. The “HR UI” website is using “HR Service” WCF service. Now we need to ensure that any client using the “HR Service” should be authenticated using “authentication service” before accessing the operation of “HR Service”. If the client application is authenticated once, next

I am developing a WCF web service and I used the WCF Service Application template to do that. Does creating a "WCF Service Application" fulfill this requirement? What are the advantage of creating a WCF Service Library over a WCF Service Application? A service application includes a website host already setup for you. A service library is a library of services that a host can reference and startup. If you start with a service library (recommended) you can then choose any host you wish (a windows service, IIS/ASP.NET, or even a console application) and you'd just reference your library from

I have an asp.NET WCF on .NET 4. This service is used to authenticate users. We are submitting a username and password and then an HTTP Header should be returned with the authentication cookie included. Using a locally hosted test page this is working correctly. I am now attempting to access the header information cross domain. I have installed my test page on a different machine and configured to call across to the WCF. The call is working and the 'data' reply in the call is correct. However, I am unable to access the header information with either of the following: alert(xmlHttp

i was reading about WCF security implementations and found out that there are 2 types of security: Transport Mode and Message Mode (or both) If i used HTTPS for Transport Mode, is it more secured if i used Message security also? i am asking this because what i understand is as follows: https uses SSL protocol which encrypts messages... so why should i add Message Security and encrypt the SSL encrypted message? or am i misunderstanding stuff? Ladislav Mrnka Security in WCF actually consists of several features . The difference between those two is how are messages signed and encrypted.