Welcome to MSDN Blogs

Browse by Tags

All Tags » Security

Updates to WCF Security Guidance

After the first announcement for the WCF Security Guidance Project, the amount of content has grown tremendously. Here's a summary of what's new over the last month. Seven new application scenarios: Intranet - Web to Remote WCF Using Transport Security

Messaging Additions in Orcas, Part 2

Continuing on with the theme of messaging additions in Orcas, today I'll look at some more of the protocols and community-driven features that were added. WS Atomic Transaction 1.1. Transactions tie together multiple participants in a distributed application.

Messaging Additions in Orcas

I've had scattered posts in the past talking about the messaging features and enhancements in Orcas. Over the next few days I'm going to be doing a bit of consolidating to organize that information into a few listings of the top changes using reasonably

Hosting Identity

How can I run a service operation hosted in IIS using a specific identity? There are two ways for your operation to be running using a specific identity: start off running under that identity; or, start off running under a different identity and change
Posted by Nicholas Allen | 1 Comments

Default ProtectionLevel for Standard Bindings

Previously I've described how messages are protected by using the ProtectionLevel attribute to specify the minimum level of protection. If you don't specify a protection level explicitly, then you'll get one by default that is computed based on the binding.

General Security Guidance Videos

After talking about some of the work on WCF security I thought I'd mention an unrelated but similarly beneficial collection of videos on the MSDN security developer center. These security videos cover a wide variety of topics, each in the format of explaining
Posted by Nicholas Allen | 0 Comments

The Pipe DACL

When a named pipe channel listener creates a new named pipe it has to supply a discretionary ACL that describes who can connect to the pipe. Here is how that DACL is constructed: An access control entry is added to deny GENERIC_ALL access to the well-known

WCF Security Guidance Project

The patterns & practices team at Microsoft has put together their first release of guidance for WCF security. They've included how-to guides and videos that walk you through a number of security tasks, such as working with certificates and configuring

Overriding Protection for IPSec

How do I use username credentials with IPSec? I'm told that I need to turn on security but my connection is already secure. WCF only permits username tokens to be transmitted over a binding that's secure. If a username and password are transmitted without

Getting Caught by Loopback

I'm trying to connect to a service on the same machine using Windows credentials and getting an authentication error. I can connect to the service from other machines. I can also connect to the service if I set up an endpoint that listens on the loopback
Posted by Nicholas Allen | 1 Comments

Partial Trust Binding Black List

Partial trust support in WCF is an Orcas feature that allows clients and services to be run in an environment with restricted permissions. WCF is part of a fully trusted installation, so by default partially trusted callers are not allowed to call into

Configuring Protection Level

Is it possible to configure the protection level for message parts at runtime? Only certain configurations make doing this particularly easy. When using transport security with Windows credentials, the WindowsStreamSecurityBindingElement allows you to

Customizing Exceptions for Validation

How do I customize the exception text sent back from a custom password validator? If you've looked at the documentation for UserNamePasswordValidator, then the instructions tell you to implement the validator by overriding the Validate method and throwing

Sending to MSMQ with Integrated Authentication

What are the rules for when a client needs to support Active Directory integration for sending to an MSMQ queue? The circumstances may seem mysterious for when you need the client to be joined to a domain to take advantage of Active Directory integration,

Scopes of Encryption

This article is primarily an introduction on protecting message data since the topic overall seems to cause some confusion. The source of confusion is what it means for a service to define a contract for protecting data. Data protection flows from two