Nicholas Allen's Indigo Blog

Windows Communication Foundation From the Inside

Browse by Tags

Tagged Content List
  • Blog Post: Routing and Impersonation

    Can the routing service introduced with .Net 4 be used with impersonation? Yes, the routing service can be used with impersonation for both sending and receiving messages. All of the usual Windows constraints of impersonation apply. If you would have needed to set up service or account permissions...
  • Blog Post: HTTPS Host Name for IIS

    The configuration of an IIS site includes the ability to associate a host name with a particular site definition. For HTTP traffic this allows multiple web sites to be hosted at the same IP address and port, with the true domain name of the site mapped using the host name header. For example, if you...
  • Blog Post: Legacy Created, Obsoleted, and Destroyed Before Shipping

    As far as I can tell there has never been a description of what the mysterious LegacyExtendedProtectionPolicy property is for that appeared on the HTTP and TCP transports and is now slowly in the process of disappearing. In the small number of places it appeared the property has been marked as obsolete...
  • Blog Post: Fix to Allow Customizing the Status Code when Validation Fails

    This week I'll be running a series covering fixes for WCF that may be hard to find and explaining the details behind each problem. This next fix is actually to add a new feature when writing a UserNamePasswordValidator. A UserNamePasswordValidator gives you a callback method called Validate that...
  • Blog Post: Configuring Client Certificate Credentials

    How do I configure a client to provide the certificate for certificate credentials? You need to use the client credentials behavior to provide the credentials that the client will use to authenticate to the service. Here’s the basic template that you can fill out and stick in the behaviors section...
  • Blog Post: Load Balanced Web Service Bindings

    What options can I use with WSHttpBinding to make it friendlier to load balancing? The primary difficulty encountered when using WSHttp with a load balancer is that WSHttp is easy to configure to produce application-level sessions between the client and service. Many load balancers support the...
  • Blog Post: Testing Services with HTTPS

    How do I setup a test environment for a service that is using HTTPS? Certificate validation fails because the test machine doesn’t have the right machine name. Included in the definition of a certificate is the fully qualified domain name that you gave to the certificate authority when the certificate...
  • Blog Post: Common Problems Composing Security with Streaming

    Security and streaming are two features that often do not get along with each other. Although the concepts are not inherently in conflict, their implementations often do things that cause problems for the optimal execution of the other. You may have seen that the message security channel, like the...
  • Blog Post: WCF Security Guide Released

    If you've been following along, I have mentioned the WCF security guide project being worked on in the patterns and practices team a few times now. After months of drafts and betas, the complete guide is now ready for official release. The WCF security guide is available as a free download.
  • Blog Post: Configuring SSL Host Headers

    Host headers in IIS are a way to associate multiple names with a single address. The typical use of host headers is to be able to host more than one web site at a single IP address by giving each of the web sites a distinct DNS name. Host headers also play a role in WCF beyond the definition of a web...
  • Blog Post: Improving Web Services Security Beta Guide

    The WCF Security Guide content that I've mentioned a few times before is now done with early drafts and has been rolled up into a beta release of the full book. There's a ton of content in the real thing on top of what you've been seeing in the drafts. You can download the beta of the full security...
  • Blog Post: Updates to WCF Security Guidance

    After the first announcement for the WCF Security Guidance Project , the amount of content has grown tremendously. Here's a summary of what's new over the last month. Seven new application scenarios: Intranet - Web to Remote WCF Using Transport Security (Trusted Subsystem TCP) ...
  • Blog Post: Messaging Additions in Orcas

    I've had scattered posts in the past talking about the messaging features and enhancements in Orcas. Over the next few days I'm going to be doing a bit of consolidating to organize that information into a few listings of the top changes using reasonably sized chunks. Today I'll look at some of the...
  • Blog Post: WCF Security Guidance Project

    The patterns & practices team at Microsoft has put together their first release of guidance for WCF security . They've included how-to guides and videos that walk you through a number of security tasks, such as working with certificates and configuring role providers. The overall guide is still...
  • Blog Post: Configuring Protection Level

    Is it possible to configure the protection level for message parts at runtime? Only certain configurations make doing this particularly easy. When using transport security with Windows credentials, the WindowsStreamSecurityBindingElement allows you to directly set the protection level (changing...
  • Blog Post: Customizing Exceptions for Validation

    How do I customize the exception text sent back from a custom password validator? If you've looked at the documentation for UserNamePasswordValidator, then the instructions tell you to implement the validator by overriding the Validate method and throwing a SecurityTokenValidationException if you...
  • Blog Post: Sending to MSMQ with Integrated Authentication

    What are the rules for when a client needs to support Active Directory integration for sending to an MSMQ queue? The circumstances may seen mysterious for when you need the client to be joined to a domain to take advantage of Active Directory integration, but the rules turn out to actually be...
  • Blog Post: Scopes of Encryption

    This article is primarily an introduction on protecting message data since the topic overall seems to cause some confusion. The source of confusion is what it means for a service to define a contract for protecting data. Data protection flows from two different directions and at a variety of different...
  • Blog Post: Custom Password Validation for HTTP

    Phil Henning has written about creating a custom username/password validator for HTTP , which is another new feature in Orcas. Like getting access to client IP addresses , creating a custom password validator is a feature added as a result of direct customer feedback. In fact, the two features were added...
  • Blog Post: Mapping Credentials to Authentication Schemes

    You may have noticed that an HTTP binding is configured with an HttpClientCredentialType whereas an HTTP binding element is configured with an AuthenticationScheme. How are these two settings related? If you want to switch between a custom binding and a standard binding for HTTP, then you need to know...
  • Blog Post: Session Security

    How often does authorization occur? Authorization is typically scoped to either messages or sessions. When authorization is scoped to messages, then an authorization request occurs each time a message is sent. When authorization is scoped to sessions, then an authorization request occurs at the...
  • Blog Post: Configuring SSL Certificates for Windows Vista

    The documentation for configuring a port with an SSL certificate shows example commands using the httpcfg.exe program. Starting with Windows Vista, httpcfg.exe was replaced in function by the netsh program that comes with the operating system. This is more convenient than having to download a separate...
  • Blog Post: Supporting Multiple Security Mechanisms

    How do I write a service that gives clients the option to choose between different security mechanisms for protecting a service call? For example, how can I allow clients to choose between certificates and passwords? I think that if the example choice had been between message security and transport...
  • Blog Post: Security and Streaming

    Can I secure a message without having to buffer the message in memory? The answer to this question is yes and no, depending on what the word secure is supposed to mean. There are differences between the operation of transport-level security and message-level security, as well as potentially differences...
  • Blog Post: Enabling Kerberos in IIS

    How do I enable Kerberos authentication for my web service? Kerberos is a very good authentication protocol to use when you're joined to a Windows domain. It is intended to work through simple configuration, but using Kerberos for network authentication sometimes turns out to be harder than it should...
Page 1 of 2 (41 items) 12