Browse by Tags

Tagged Content List
  • Blog Post: Reliable Messaging and SecurityToken validation

    One of the things that have come up many times is how the service could stop a client from retrying a request for a valid security validation error while Reliable Messaging is enabled. If you are not familiar with the situation the essence of the problem is this, Binding on the Service has Reliable...
  • Blog Post: Asymmetric tokens and Mixed-Mode Security

    When you are using a X.509 Certificate as the client authentication token in Mixed-Mode Security - apart from signing the Timestamp WCF will sign the 'To' header as well. This is to prevent a client spoofing attack by a rougue service. Consider the situation where the client does not sign the 'To' header...
  • Blog Post: WCF Security Modes

    WCF supports three types of Security. They are, Transport Security Mixed-Mode Security Message Security Let's discuss the various Security Modes below. Transport Security is applied at the transport byte stream below the message layer. The message does not have a Security header and...
  • Blog Post: Federation and Bearer Tokens

    The latest WS-Trust spec (yet to be ratified by OASIS) introduces a concept called Bearer Tokens. This basically is a keyless token that a client requests from an STS (Security Token Service). The only purpose this token serves is to provide more information about the client to the service while the...
  • Blog Post: Federation

    As you are moving to Web Services world one of the buzz words that you will hear time and again is "Federation". This is simply a security scenario that involves 3 parties to secure a Message. The 3 parties in the scenario are, Client Security Token Service (STS) Target Service This is...
  • Blog Post: Supporting Tokens

    Web Services Message Security has the concept of Primary and Supporting Tokens. The Primary token is the main token that provides security to the message. This signs the message body and other headers as required and serves as the main identity token for the sending party. There is also a concept of...
Page 1 of 1 (6 items)