
Browse by Tags

Message Security

Help with Security Programming

Security programming today tends to contain a large amount of plumbing code to handle the modeling, management, and evaluation of identities. An identity is the basis of many common security operations, such as authentication, personalization, authorization,

Security Session Inactivity

What does the InactivityTimeout on a secure channel do? The inactivity timeout on a message security channel controls how long the channel will allow pending security sessions to linger in its cache before giving up on them. This is completely different

Improving Web Services Security Beta Guide

The WCF Security Guide content that I've mentioned a few times before is now done with early drafts and has been rolled up into a beta release of the full book. There's a ton of content in the real thing on top of what you've been seeing in the drafts.

Updates to WCF Security Guidance

After the first announcement for the WCF Security Guidance Project, the amount of content has grown tremendously. Here's a summary of what's new over the last month. Seven new application scenarios: Intranet - Web to Remote WCF Using Transport Security

Messaging Additions in Orcas, Part 2

Continuing on with the theme of messaging additions in Orcas, today I'll look at some more of the protocols and community-driven features that were added. WS Atomic Transaction 1.1. Transactions tie together multiple participants in a distributed application.

WCF Security Guidance Project

The patterns & practices team at Microsoft has put together their first release of guidance for WCF security. They've included how-to guides and videos that walk you through a number of security tasks, such as working with certificates and configuring

Configuring Protection Level

Is it possible to configure the protection level for message parts at runtime? Only certain configurations make doing this particularly easy. When using transport security with Windows credentials, the WindowsStreamSecurityBindingElement allows you to

Customizing Exceptions for Validation

How do I customize the exception text sent back from a custom password validator? If you've looked at the documentation for UserNamePasswordValidator, then the instructions tell you to implement the validator by overriding the Validate method and throwing

Scopes of Encryption

This article is primarily an introduction on protecting message data since the topic overall seems to cause some confusion. The source of confusion is what it means for a service to define a contract for protecting data. Data protection flows from two

Augmenting Security Requests

How can I add some additional information to the request when contacting a token server? Looking at the schema for a RequestSecurityToken message, there clearly is some extensibility space intended for providing additional information in the request.

Finding Data in Client Certificates

Can I pass additional user data, such as identity information, in a message secured with a client certificate? This question looks like an earlier one about Windows credentials but has some subtle differences that make it come out with a different answer.

Controlling Certificate Validation

How do I configure the validation process for certificates specified in the service credentials section? There are several configuration settings for controlling certificate validation although they appear in different places depending on what credentials

Flowing Additional Identity Information

I want to provide some additional information about the user within the client credentials. Can I do this with Windows credentials? No. Although you can create custom claims and try attaching them to the credentials, the credentials on the wire only contain

Session Security

How often does authorization occur? Authorization is typically scoped to either messages or sessions. When authorization is scoped to messages, then an authorization request occurs each time a message is sent. When authorization is scoped to sessions,

Using Supporting Tokens

How do I supply additional security tokens beyond those needed to sign and encrypt the message? How do I use those tokens on the service? The additional security tokens are configured through the binding. The client binding needs to be configured with