wcf-security

问题 I am attempting to consume a web service through its corresponding wsdl. This service is dependent upon authentication conforming to Web Services Security Basic Security Profile 1.0 including that the correct xmls namespace of http://docs.oasis-open.org/wss/2004/01/oasis-200401wss-wssecurity-secext-1.0.xsd must be included in the request. Example: <wsse:UsernameToken xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' > <wsse:Username> Bob </wsse

问题 I have hosted a Wcf Service When user login to his user account, it is my First layer security for the wcf service. that is normal windows login authentication. I want to provide a second layer security before accessing the Wcf Service. Second layer security can be username checking or username and password checking. And one more, in the second layer security, if the user is same as that is currently logged in, then it would not ask for authentication. Else, ask for authentication as part of

问题 I have been developing a WCF service using basic HTTP binding. This has been integrated with DataPower. I want to follow best practice by enabling secure binding. Is this necessary? Referring to slide 8 in DataPower WCF integration : DataPower is designed to off-load the security for the WCF services. Thank you. 回答1: Only your security architects can really tell you if it is needed for your case. Remember, whatever you are sending over the wire is unsecured when using basic HTTP. Within the

问题 How can I get my console app to connect with an IIS hosted WCF service when basic and/or windows authentication is switched on and anonymous authentication turned off? The site is internal and stringent security is not required. There is no domain controller. However, I need to turn off anonymous access. I have searched for days and have tried many methods including using a self hosted certificate and overriding the certification validation, overriding the UserNameValidator and using client

问题 I have to make a centralized log repository and I decided to mount a WCF service implementing NLog's LogReceiverService (through wsHttpBinding). I followed this topic where I found a working example (there is a working code at bitbucket). Ok, now the problem: I would like to add some security to this WCF Service, expose it through HTTPS and maybe add an Authentication Token. I have programmed this kind of authentication earlier, so I do know how to do it, it's just I don't know how can I

问题 I have created a WCF service inside an existing ASPNET webforms site, I then proceeded to add FormsAuthentication to the aspnet site, added a section in the location tag to allow anonymous access to the .svc file, I can browse through the WSDL file no issue, but when I try to call the service, I get a 302, the service is setup to use basicAuth. I tried added a HttpModule to intercept the service request and return an appropriate message but that doesnt work as well. Here is the Webconfig

问题 is it necessary to create a service certificate to use custom username and password authentication? I want to authenticate my WCF service with custom username and password. My Service web.config is as follows: <system.serviceModel> <bindings> <wsHttpBinding>`enter code here` <binding name="NewBinding0"> <security mode="Message"> <transport clientCredentialType="Basic" /> <message clientCredentialType="UserName" /> </security> </binding> </wsHttpBinding> </bindings> <services> <service

问题 can anyone help, i am trying to call a rest service via the channel factory but sending along my credentials... The rest service uses Windows authentication. But with the following code i get "Manual addressing is enabled on this factory, so all messages sent must be pre-addressed." error when using GetMessage I know my service works as if i remove Windows authentication it works! BUt with windows authentication on and not changing clientCredentials i get BAD REQUEST whioch i think is normal.

问题 In my previous question I've tried to connect to JAVA service that required custom security. I've created custom MessageEncoder to add attributes required by service, but after trying to send request, I get this response: <?xml version='1.0' encoding='utf-8'?> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"> <soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"> <wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>

问题 I have a service that uses SSL. When I try to browse to the service I get the following error: The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'None'. My config is as follows: <security mode="Transport"> <transport clientCredentialType="Certificate" /> </security> I am using IIS Express and I have "Enable SSL" checked (verified in WebMatrix). Any ideas what else I need to do? 回答1: Ok. It looks like I needed to update the applicationhost.config file (in IIS