Browse by Tags

Tagged Content List
  • Blog Post: Patterns and Practices: WCF Security Guidance available online

    The Microsoft Patterns and Practices team has created a guide for WCF security. http://blogs.msdn.com/jmeier/archive/2008/03/27/patterns-and-practices-wcf-security-guidance-now-available.aspx You can find more information at the root site http://www.codeplex.com/WCFSecurity/
  • Blog Post: Reliable Messaging and SecurityToken validation

    One of the things that have come up many times is how the service could stop a client from retrying a request for a valid security validation error while Reliable Messaging is enabled. If you are not familiar with the situation the essence of the problem is this, Binding on the Service has Reliable...
  • Blog Post: Handling Mismatched Trust Versions on the Client

    Federation Clients might have scenarios where it is talking to a Service and STS that don't have the same trust version. The Service WSDL can contain a RequestSecurityTokenTemplate with Trust elements that are in different version than the STS. In these cases a WCF client will convert the Trust elements...
  • Blog Post: Security element and "actor" attribute.

    SOAP 1.1 defines the attribute "actor" that can be on any SOAP header which will indicate who the ultimate processor of the header is going to be. It also defines a standard URI value for this actor attribute that is " http://schemas.xmlsoap.org/soap/actor/next " which implies that the header is intended...
  • Blog Post: Updated Re-Serialize SAML token

    There has been a lot of interest around this and hence I have attached some code listing to this post. Check it out!
  • Blog Post: Using Visual Studio Intellisense to Edit WCF Configuration files.

    If you are using Visual Studio 2005 below is how you can enable intellisense to edit your WCF config files. Copy the Attached WCF Configuration schema file to your VS installation folder at %Program Files%\Visual Studio 8\Xml\Schemas. You will find DotNetConfig.xsd in the same directory. Open this...
  • Blog Post: Daylight savings changes and WCF Security Processing

    I had a question today from a customer who was concerned that his WCF application might start to behave erratically due to the new Daylight savings schedule. Then I realized that there has been quite some noise around this area and people are predicting systems to stop responding when the new Daylight...
  • Blog Post: Asymmetric tokens and Mixed-Mode Security

    When you are using a X.509 Certificate as the client authentication token in Mixed-Mode Security - apart from signing the Timestamp WCF will sign the 'To' header as well. This is to prevent a client spoofing attack by a rougue service. Consider the situation where the client does not sign the 'To' header...
  • Blog Post: WCF Security Modes

    WCF supports three types of Security. They are, Transport Security Mixed-Mode Security Message Security Let's discuss the various Security Modes below. Transport Security is applied at the transport byte stream below the message layer. The message does not have a Security header and...
  • Blog Post: Security Header Layout

    There are four different security header layout that can be specified in WCF. The values are defined in WS-SecurityPolicy. They are, Strict - All security tokens are defined in the security header before its first use. The primary signature should be specified before any endorsing signatures. ...
  • Blog Post: WCF Support in Compact Framework

    In a nutshell, .NET Compact Framework 3.5 supported features for WCF include: messaging-layer communication, WS-security, and http and mail transports. All of these a subsets of what the desktop supports, with the exception of the mail transport, which is new with NetCF. There is also some plans to provide...
  • Blog Post: Configuring HTTP in Windows Vista

    Hosting a WCF service on a HTTP endpoint on Windows Vista has some issues given that you are not running with Administrator privileges. Following blogs discusses how to get around this issue, http://blogs.msdn.com/drnick/archive/2006/10/16/configuring-http-for-windows-vista.aspx http://kennyw...
  • Blog Post: Federation and Bearer Tokens

    The latest WS-Trust spec (yet to be ratified by OASIS) introduces a concept called Bearer Tokens. This basically is a keyless token that a client requests from an STS (Security Token Service). The only purpose this token serves is to provide more information about the client to the service while the...
  • Blog Post: .Net Framework 3.0 is Live!!

    Get the latest version of .Net Framework 3.0 at http://www.microsoft.com/downloads/details.aspx?FamilyId=10CC340B-F857-4A14-83F5-25634C3BF043&displaylang=en
  • Blog Post: Debugging WCF - Traces and Message Logs

    There has been enough posts on this topic. But this topic cannot be over emphasized. The best way to debug any WCF issue is to get a complete Message log and trace. We write tons of information to the trace that there is very little (if any) issues that traces cannot solve. Below is a config to generate...
  • Blog Post: Re-Serialize SAML token

    In a Federation Scenario a client might want to access the services by using a SAML token that was issued to it by a STS. The service in turn might have to call other services (like a intermediary) to fulfill the request. When calling the backend service the service might want to use the SAML token that...
  • Blog Post: Federation

    As you are moving to Web Services world one of the buzz words that you will hear time and again is "Federation". This is simply a security scenario that involves 3 parties to secure a Message. The 3 parties in the scenario are, Client Security Token Service (STS) Target Service This is...
  • Blog Post: Supporting Tokens

    Web Services Message Security has the concept of Primary and Supporting Tokens. The Primary token is the main token that provides security to the message. This signs the message body and other headers as required and serves as the main identity token for the sending party. There is also a concept of...
  • Blog Post: Writing a Custom Message Interceptor when Security is enabled

    A custom message Interceptor give you access to the message as the message goes through the processing pipeline. There are two methods in the Message Interceptor - BeforeSendRequest and AfterReceiveReply. Both these methods gets passed in the Message by reference so you can modify the message. The BeforeSendRequest...
  • Blog Post: WCF Encrypts Signatures by default in Message Security

    When you are building your application with security enabled you will see that all your signatures are encrypted by default. This was not the default in WCF Beta 1. As you would expect this did result in a significant performance penalty. The message protection order in Beta 1 was to Sign before Encrypt...
  • Blog Post: Using Binary Encoding in WCF

    I recently had a question from someone on using Binary Encoding and how performance of their application relates to that. My answer was it depends...it depends on what is in your message body and if you are using message security or transport security. Before talking about binary encoding, the first...
Page 1 of 1 (21 items)