Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Transport Secur... » Answers   (RSS)
Monday, March 10, 2008 5:00 AM

Configuring Protection Level

Is it possible to configure the protection level for message parts at runtime? Only certain configurations make doing this particularly easy. When using transport security with Windows credentials, the WindowsStreamSecurityBindingElement allows you to
Posted by Nicholas Allen | 5 Comments
Friday, March 07, 2008 5:00 AM

Customizing Exceptions for Validation

How do I customize the exception text sent back from a custom password validator? If you've looked at the documentation for UserNamePasswordValidator, then the instructions tell you to implement the validator by overriding the Validate method and throwing
Posted by Nicholas Allen | 4 Comments
Monday, March 03, 2008 5:00 AM

Sending to MSMQ with Integrated Authentication

What are the rules for when a client needs to support Active Directory integration for sending to an MSMQ queue? The circumstances may seen mysterious for when you need the client to be joined to a domain to take advantage of Active Directory integration,
Posted by Nicholas Allen | 1 Comments
Thursday, December 20, 2007 5:00 AM

Session Security

How often does authorization occur? Authorization is typically scoped to either messages or sessions. When authorization is scoped to messages, then an authorization request occurs each time a message is sent. When authorization is scoped to sessions,
Posted by Nicholas Allen | 1 Comments
Friday, August 17, 2007 5:00 AM

Supporting Multiple Security Mechanisms

How do I write a service that gives clients the option to choose between different security mechanisms for protecting a service call? For example, how can I allow clients to choose between certificates and passwords? I think that if the example choice
Posted by Nicholas Allen | 3 Comments
Thursday, August 16, 2007 5:00 AM

Security and Streaming

Can I secure a message without having to buffer the message in memory? The answer to this question is yes and no, depending on what the word secure is supposed to mean. There are differences between the operation of transport-level security and message-level
Posted by Nicholas Allen | 1 Comments
Monday, April 02, 2007 5:00 AM

Enabling Kerberos in IIS

How do I enable Kerberos authentication for my web service? Kerberos is a very good authentication protocol to use when you're joined to a Windows domain. It is intended to work through simple configuration, but using Kerberos for network authentication
Posted by Nicholas Allen | 2 Comments
Friday, March 23, 2007 5:00 AM

Preventing Anonymous Access

How do I prevent clients from accessing my service anonymously? I've changed the settings in IIS from Anonymous Access to Integrated Windows Authentication. However, now I'm getting the error message: "Security settings for this service require 'Anonymous'
Posted by Nicholas Allen | 3 Comments
Tuesday, February 06, 2007 5:00 AM

Transport Encryption and Signing

How do I control whether the transport signs and encrypts messages? This answer ties into the article I wrote a few weeks ago on describing channel security capabilities . If you don't remember about protection levels and security capabilities, then you
Posted by Nicholas Allen | 3 Comments
Wednesday, January 17, 2007 5:00 AM

Faking Channel Security

I occasionally see people asking how they can fake the security capabilities of a binding. These questions often start off with "I'm getting an error message that a message's required protection level is not being met". Now, I'm not precisely sure why
Posted by Nicholas Allen | 5 Comments
Tuesday, November 07, 2006 5:00 AM

Dealing with SSL Certificate Validation Failures

Here's a quick list of things to try when debugging a non-functioning SSL server certificate. Has the certificate expired or been revoked? Does the MMC Certificate Manager say that the certificate is valid? Is the certificate in the LocalMachine store?
Posted by Nicholas Allen | 1 Comments
Tuesday, October 17, 2006 5:00 AM

TransportWithMessageCredential Over TCP

After switching from message security to transport security, I'm seeing a bunch of weird protocols being used in message exchanges (even when the credentials are still at the message level). What's going on? Also, why do I need to provide a certificate
Posted by Nicholas Allen | 4 Comments
Tuesday, October 10, 2006 5:00 AM

Which Client Credential Does TransportWithMessageCredential Use?

I'm trying to use a Certificate credential with security mode TransportWithMessageCredential. Certificate credentials were working with transport security but now my clients can't connect. Why isn't this working? This one is fairly quick to diagnose if
Posted by Nicholas Allen | 2 Comments
Wednesday, August 30, 2006 5:00 AM

Configuring an Operation to Impersonate

Today's post is a supplement for those people annoyed that Using Impersonation with Transport Security doesn't actually explain how to use impersonation. Most of the questions that I've seen for this topic come from people that already know how Windows
Posted by Nicholas Allen | 3 Comments
 
Page view tracker