Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Transport Security   (RSS)
Tuesday, May 06, 2008 5:00 AM

Updates to WCF Security Guidance

After the first announcement for the WCF Security Guidance Project , the amount of content has grown tremendously. Here's a summary of what's new over the last month. Seven new application scenarios: Intranet - Web to Remote WCF Using Transport Security
Posted by Nicholas Allen | 1 Comments
Friday, April 25, 2008 5:00 AM

Messaging Additions in Orcas

I've had scattered posts in the past talking about the messaging features and enhancements in Orcas. Over the next few days I'm going to be doing a bit of consolidating to organize that information into a few listings of the top changes using reasonably
Posted by Nicholas Allen | 6 Comments
Monday, March 31, 2008 5:00 AM

WCF Security Guidance Project

The patterns & practices team at Microsoft has put together their first release of guidance for WCF security . They've included how-to guides and videos that walk you through a number of security tasks, such as working with certificates and configuring
Posted by Nicholas Allen | 2 Comments
Monday, March 10, 2008 5:00 AM

Configuring Protection Level

Is it possible to configure the protection level for message parts at runtime? Only certain configurations make doing this particularly easy. When using transport security with Windows credentials, the WindowsStreamSecurityBindingElement allows you to
Posted by Nicholas Allen | 5 Comments
Friday, March 07, 2008 5:00 AM

Customizing Exceptions for Validation

How do I customize the exception text sent back from a custom password validator? If you've looked at the documentation for UserNamePasswordValidator, then the instructions tell you to implement the validator by overriding the Validate method and throwing
Posted by Nicholas Allen | 4 Comments
Monday, March 03, 2008 5:00 AM

Sending to MSMQ with Integrated Authentication

What are the rules for when a client needs to support Active Directory integration for sending to an MSMQ queue? The circumstances may seen mysterious for when you need the client to be joined to a domain to take advantage of Active Directory integration,
Posted by Nicholas Allen | 1 Comments
Monday, February 18, 2008 5:00 AM

Scopes of Encryption

This article is primarily an introduction on protecting message data since the topic overall seems to cause some confusion. The source of confusion is what it means for a service to define a contract for protecting data. Data protection flows from two
Posted by Nicholas Allen | 1 Comments
Monday, January 14, 2008 5:00 AM

Custom Password Validation for HTTP

Phil Henning has written about creating a custom username/password validator for HTTP , which is another new feature in Orcas. Like getting access to client IP addresses , creating a custom password validator is a feature added as a result of direct customer
Posted by Nicholas Allen | 1 Comments
Monday, December 31, 2007 5:00 AM

Mapping Credentials to Authentication Schemes

You may have noticed that an HTTP binding is configured with an HttpClientCredentialType whereas an HTTP binding element is configured with an AuthenticationScheme. How are these two settings related? If you want to switch between a custom binding and
Posted by Nicholas Allen | 3 Comments
Thursday, December 20, 2007 5:00 AM

Session Security

How often does authorization occur? Authorization is typically scoped to either messages or sessions. When authorization is scoped to messages, then an authorization request occurs each time a message is sent. When authorization is scoped to sessions,
Posted by Nicholas Allen | 1 Comments
Monday, October 15, 2007 5:00 AM

Configuring SSL Certificates for Windows Vista

The documentation for configuring a port with an SSL certificate shows example commands using the httpcfg.exe program. Starting with Windows Vista, httpcfg.exe was replaced in function by the netsh program that comes with the operating system. This is
Posted by Nicholas Allen | 5 Comments
Friday, August 17, 2007 5:00 AM

Supporting Multiple Security Mechanisms

How do I write a service that gives clients the option to choose between different security mechanisms for protecting a service call? For example, how can I allow clients to choose between certificates and passwords? I think that if the example choice
Posted by Nicholas Allen | 3 Comments
Thursday, August 16, 2007 5:00 AM

Security and Streaming

Can I secure a message without having to buffer the message in memory? The answer to this question is yes and no, depending on what the word secure is supposed to mean. There are differences between the operation of transport-level security and message-level
Posted by Nicholas Allen | 1 Comments
Monday, April 02, 2007 5:00 AM

Enabling Kerberos in IIS

How do I enable Kerberos authentication for my web service? Kerberos is a very good authentication protocol to use when you're joined to a Windows domain. It is intended to work through simple configuration, but using Kerberos for network authentication
Posted by Nicholas Allen | 2 Comments
Thursday, March 29, 2007 5:00 AM

SSL and System Time

A few days ago I decided to upgrade my home machine from 1 GB of RAM to 2 GB. I've been running Vista at home since last summer and it occasionally gets cranky when it runs out of memory. After the usual problems of fiddling with hardware, everything
Posted by Nicholas Allen | 0 Comments
More Posts Next page »
 
Page view tracker