wcf-security

问题 According to our provider we need to send this kind of Header: <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- wssecurity-secext-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-12" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:Username>string</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">string<

问题 I am trying to impersonate user for all the processes running from a console app. I don't want to start my VisualStudio as that user nor want to keep attaching external process running under that user. This is what I have tried... static void Main(string[] args) { Console.WriteLine("Environment.UserName: {0}", Environment.UserName); // Prints currently logged-in win username ConfigurationManager.GetSection("configuration"); using (var impersonator = new Impersonator()) { Console.WriteLine(

问题 We have a WCF service running in Azure and have client application (WPF) consuming the servcie. Can anybody point me in the right direction on how I can secure the WCF service so that only my client application can access the public methods or applications allowed can access the public methods 回答1: there are lots of possibilities depending on binding you are using, an approach could be to use Message Security with X509 certification in WSHtttpBinding you can read about it's example here

问题 Hi I wonder if someone can help me, I've been banging my head against the wall trying to solve this but no luck yet :( I have a WCF hosted on IIS6 on a remote server on our internal network, http://systemservices/ServiceManagerServices.svc. I can access the service in my browser, however when trying to send a request using WcfTestClient, i get the following error: > Error: Cannot obtain Metadata from > http://systemservices/ServiceManagerServices.svc If this is a Windows > (R) Communication

问题 It is running in an Intranet using IIS 7 and it works fine whenever I enable Anonymous Authentication in the IIS Manager. If I disable it and try to run it using wcftestclient then I get the following error, Error: Cannot obtain Metadata from http://myserver/testing/eval.svc If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to

问题 I have WCF services hosted on a console application and a web application accessing its operations. I have searched for WCF security and in most cases the web services were hosted on IIS. What points should I follow in order to implement WCF transport layer security in my case? What I want is Using username and password to execute WCF operations Use SSL to encrypt data. If my WCF services are hosted on a console application. Are there any IIS configurations that I should make? 回答1: If your

问题 I have a SL4 app that uses WCF to communicate with a backend SQL Server 2008 database. One of the WCF services needs to connect to the database with a dedicated system account due to the database permissions required by the stored procedure that is called. I have attempted to implement a solution using impersonation within the service code e.g. int result = LogonUser(userName, domain, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out _token); if (result > 0) {

问题 I need to protect my WCF web services and was thinking what is the best way of doing this. Its not really a ROLE / User situation - more of a "WHO CAN CALL THE WEB SERVICE". I was thinking that i could use an IP? Is this the recommended way? Anybody have any experience with this, I was thinking of have a table (sql) with all IPs that can access the web service but i didn't want to reinvent the wheel if something exists already. I presume there is an event or similar when somebody access the

问题 My question is in regards to the best (aka "least painful") way to secure access to a WCF service that is only exposed to our company's internal users. The goal is to ensure that the service is only accessed via a single Windows forms application that each of our users has installed. When the service is called, I want the service to be able to validate that it was called from the permitted application. The service to be secured uses basicHttpBinding, which supports streaming, so I believe I

问题 My question is in regards to the best (aka "least painful") way to secure access to a WCF service that is only exposed to our company's internal users. The goal is to ensure that the service is only accessed via a single Windows forms application that each of our users has installed. When the service is called, I want the service to be able to validate that it was called from the permitted application. The service to be secured uses basicHttpBinding, which supports streaming, so I believe I