wcf-security

How to secure a WCF service using NetNamedPipesBinding so that it can only be called by the current user?

北战南征 submitted on 2019-12-24 22:06:00
Question: I'm using a WCF service with the NetNamedPipesBinding to communicate between two AppDomains in my process. How do I secure the service so that it is not accessible to other users on the same machine? I have already taken the precaution of using a GUID in the Endpoint Address, so there's a little security through obscurity, but I'm looking for a way of locking the service down using ACL or something similar.
Answer 1: See http://blogs.charteris.com/blogs/chrisdi/archive/2008/06/23/exploring-the-wcf

How do I secure a WCF Service, hosted in IIS, using BasicHttp binding, and NO SSL Cert?

强颜欢笑 submitted on 2019-12-24 19:16:02
Question: Is it possible to configure a WCF service that: is hosted by IIS; uses the basicHttpBinding binding; does not need an SSL cert; supports sessions ( ServiceContract(SessionMode:=ServiceModel.SessionMode.Required) )? I know the easiest thing to do would be to buy an SSL cert, but for reasons beyond my control I am being required to match the 4 constraints above. Thanks, Tom
Answer 1: Tell your boss that basicHttpBinding supports real security only when used with an SSL certificate (otherwise all data are

Getting “The Security Support Provider Interface (SSPI) negotiation failed” when using a ServiceHostFactory

坚强是说给别人听的谎言 submitted on 2019-12-24 14:43:19
Question: I recently started using a custom ServiceHostFactory because I want to use dependency injection with WCF. Both my client and service are being run from VS2010 on my local machine and the service is using the ASP.NET Development Server. Why am I having this problem now? I've had success with wsHttpSecurity in the past, having both the client and service on my local machine. I really think the only difference here is the use of a ServiceHostFactory. I've tried using the userPrincipalName

Calling a WCF service from another WCF service

被刻印的时光 ゝ submitted on 2019-12-24 10:37:59
Question: I have a WCF service hosted on a Windows service on my Server1. It also has IIS on this machine. I call the service from a web app and it works fine. But within this service, I have to call another WCF service (also hosted on a Windows service) located on Server2. The security credentials are set to "Message" and "Username". I have an error like "SOAP protocol negotiation failed". It's a problem with my server certificate public key that doesn't seem to be recognised. However, if I call the

accessing wcf client identity on service

若如初见. submitted on 2019-12-24 07:05:56
Question: After a couple of WCF tutorials, I could develop a WCF client/server application; both service and client applications are Windows Forms applications. I can call the service using each client by specifying UserName and password. My WCF service application also shows all the connected clients with their usernames as well. But when multiple clients send a request to the service, I'm not able to identify which user has called the method. This is important as my application tends to have its own

WCF Security: Difference between TransportWithMessageCredential and Message Security Mode

◇◆丶佛笑我妖孽 submitted on 2019-12-23 18:27:58
Question: I would like to know the difference between TransportWithMessageCredential vs. Message in terms of WCF security. What I know is: Transport security: Is used to provide point-to-point security between the two endpoints. Message security: It provides end-to-end security. Because message security directly encrypts and signs the message, having intermediaries does not break the security. If we use TransportWithMessageCredential mode, is the SOAP message (Header and Body) encrypted? My concern is

WCF - create UserNameToken with timestamp and password digest for oasis-200401-wss-username-token-profile-1.0

别来无恙 submitted on 2019-12-23 17:31:13
Question: The objective is, by using WCF, to connect to a Web service that requires UserNameToken ws-security as specified by the standard "oasis-200401-wss-soap-message-security-1.0". The full specification can be found here: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf There are few examples of how to create the token and none worked for me. When I posted this I had already found the answer, but since it was not easy, I leave here the solution I found and hope it can be

Can using self-signed certificates with WCF be secure?

|▌冷眼眸甩不掉的悲伤 submitted on 2019-12-23 12:33:15
Question: Imagine for a moment that we're using classic asymmetric encryption with WCF (private/public key pairs). Obviously it's secure as long as private keys aren't stolen. We don't need any trust chains between keys, right? The client only needs to know its server's public key and vice versa. A problem arises only if the client doesn't know the server's public key in advance and gets it on the first access. Here we have a risk that the actual server is a "man-in-the-middle" instead of the real server. Here we need

Silverlight asp.net WCF authentication 2.0

空扰寡人 submitted on 2019-12-23 02:31:46
Question: Can anyone provide some links to good information on setting up Silverlight 2.0 to authenticate to a WCF Service through ASP.NET Forms Authentication?
Answer 1: I guess this link could help you: http://silverlightuk.blogspot.com/2008/03/silverlight-wcf-and-aspnet.html
Answer 2: Here's a good place to get started. The technology that allows you to use ASP.NET Forms Auth in SL2 is called ASP.NET Application Services - it's easy to use. http://msdn.microsoft.com/en-us/library/cc838250(VS.95).aspx
Answer 3:

stop WCF from caching / re-using security tokens (SecurityContextToken)

那年仲夏 submitted on 2019-12-22 17:29:25
Question: I am using WCF Message level security with the following wsHttpBinding <security mode="Message"> <message clientCredentialType="Windows" establishSecurityContext="false" /> </security> Each time I call the service is a separate operation, and there is no need to keep any session state. I am running into a problem with the load balancer, because WCF keeps re-using security tokens, so if the first call goes to NodeA, it creates a security token which is re-used. If that token is passed to NodeB