wcf-security

wcf server authentication without certificates

拈花ヽ惹草 submitted on 2019-12-22 12:39:44
Question: I have a self-hosted WCF service with netTcpBinding bindings. Both my servers and clients will all be in the same domain, so I'd like to use Windows authentication, but I'd also like the clients to verify server credentials (to avoid an internal man-in-the-middle/DNS tampering attack). I've read that the way to do this is to use an SPN, but I can't seem to get that to work; no matter what the SPN is set to, the client works (i.e. the server and client don't match, but the client connects

WCF Error : 'It is likely that certificate 'my cert' may not have a private key that is capable of key exchange

送分小仙女□ submitted on 2019-12-22 02:05:54
Question: I have a WCF service I'm trying to host on our production web server (IIS6). I've set the web up and tied our cert to the web. When I try to browse to the service url, I receive the following error in the event log : The exception message is: It is likely that certificate 'CN= .mydomain, OU=Secure Link SSL Wildcard, OU=I.T., C=US' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail.. --

“Cannot load the X.509 certificate identity specified in the configuration”

时间秒杀一切 submitted on 2019-12-21 09:24:45
Question: I transferred a working WCF service from my development environment to the QA environment, including the certificates (Root Authority, Root Auth revocation list, Service certificate - including its PK). Afterward I located the private key using 'FindPrivateKey' and gave all the relevant accounts full permissions to access the private key file at the file system level. My app crashes with an Unhandled Exception: System.InvalidOperationException: Cannot load the X.509 certificate identity

WCF authentication on IIS7 shared hosting

偶尔善良 submitted on 2019-12-21 06:05:51
Question: After several days of tests I find the only way I can create a WCF web service with authentication is to put a certificate in localmachine/trustedpeople cert store. The host will not do this for me. Do you know any way to enable WCF authentication without putting a cert in that store? Is there any other way to get WCF security working on shared hosting? I have worked with a sample on codeproject that puts certs in app_data, but I haven't been able to get that to work. Answer 1: I did some very

How to Authenticate and Authorize every WCF call?

一个人想着一个人 submitted on 2019-12-20 20:39:48
Question: I have a WPF client consuming a WCF service hosted in IIS. For authentication I am thinking of either certificate or user name authentication. The client calls a couple of methods in WCF and passes some message. For every call that comes to WCF, I want to authenticate the user. To place the message in the db, I have to know who is the caller, what is their username and a few other properties about the user. How to pass this info [may be a small object] on every call? Answer 1: This is the recommended default behavior

WCF REST RequestInterceptor authentication

丶灬走出姿态 submitted on 2019-12-20 14:43:05
Question: I am trying to do some basic authentication in a WCF RequestInterceptor. I am using this article as a start. The problem I am running into is communicating between the interceptor and the service. Nothing I have tried seems to work. So far, I have tried: OperationContext.Current requestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name]["foo"] = value HttpContext.Current.Request But no matter what I set, I can't seem to access it in the service behavior itself:

Implementing claims-based security (WCF/ASP.NET)

Deadly submitted on 2019-12-20 14:19:30
Question: After researching the topic of claims-based security (or a federated security model), I've been coming across many examples that use CardSpace as an example. The main article that I read that gave a really great explanation of the subject was a PDF by Microsoft on a framework called Zermatt. The claims-based security architecture I'm looking into is the equivalent of implementing an STS Authentication Broker in combination with an STS Authorization Broker. This way, when I create a new

How to send signed messages in BizTalk Server using WS-Security

只谈情不闲聊 submitted on 2019-12-20 02:53:59
Question: I want BizTalk to send signed SOAP messages using WS-Security without encryption. My orchestration is using a dynamic send port. I have tried both, trying to configure a WCF-WSHttp Send Port like this: (temporarily altered my orchestration to use this port rather than a dynamic port) as well as doing it within my orchestration. However I only manage to get my message sent out encrypted, or in plain text without being signed or encrypted. Configuring a Send Port. Result: Message gets encrypted

Cannot find a token authenticator for the 'System.IdentityModel.Tokens.UserNameSecurityToken' token type.

橙三吉。 submitted on 2019-12-19 04:08:31
Question: I am trying to get a third party Java client to communicate with a WCF service I have written. I get the following exception when receiving the message: Cannot find a token authenticator for the 'System.IdentityModel.Tokens.UserNameSecurityToken' token type. Tokens of that type cannot be accepted according to current security settings. Here is my configuration: Binding <customBinding> <binding name="TestSecureBinding"> <security authenticationMode="MutualCertificate" /> <textMessageEncoding

Transport-level vs message-level security

梦想与她 submitted on 2019-12-18 13:13:50
Question: I'm reading a book on WCF and the author debates the pros of using message-level security over using transport-level security. Anyways, I can't find any logic in the author's arguments. One limitation of transport security is that it relies on every “step” and participant in the network path having consistently configured security. In other words, if a message must travel through an intermediary before reaching its destination, there is no way to ensure that transport security has been enabled for