Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » WCF » Security   (RSS)
Tuesday, April 01, 2008 1:00 PM

Patterns and Practices: WCF Security Guidance available online

The Microsoft Patterns and Practices team has created a guide for WCF security. http://blogs.msdn.com/jmeier/archive/2008/03/27/patterns-and-practices-wcf-security-guidance-now-available.aspx You can find more information at the root site http://www.codeplex.com/WCFSecurity
Posted by govindr | 0 Comments
Filed under: ,
Monday, August 27, 2007 4:04 PM

Reliable Messaging and SecurityToken validation

One of the things that have come up many times is how the service could stop a client from retrying a request for a valid security validation error while Reliable Messaging is enabled. If you are not familiar with the situation the essence of the problem
Posted by govindr | 1 Comments
Monday, July 16, 2007 11:15 PM

Security element and "actor" attribute.

SOAP 1.1 defines the attribute "actor" that can be on any SOAP header which will indicate who the ultimate processor of the header is going to be. It also defines a standard URI value for this actor attribute that is " http://schemas.xmlsoap.org/soap/actor/next
Posted by govindr | 1 Comments
Tuesday, February 20, 2007 8:26 PM

Daylight savings changes and WCF Security Processing

I had a question today from a customer who was concerned that his WCF application might start to behave erratically due to the new Daylight savings schedule. Then I realized that there has been quite some noise around this area and people are predicting
Posted by govindr | 0 Comments
Filed under: , ,
Tuesday, February 06, 2007 10:10 PM

Asymmetric tokens and Mixed-Mode Security

When you are using a X.509 Certificate as the client authentication token in Mixed-Mode Security - apart from signing the Timestamp WCF will sign the 'To' header as well. This is to prevent a client spoofing attack by a rougue service. Consider the situation
Posted by govindr | 0 Comments
Tuesday, February 06, 2007 9:41 PM

WCF Security Modes

WCF supports three types of Security. They are, Transport Security Mixed-Mode Security Message Security Let's discuss the various Security Modes below. Transport Security is applied at the transport byte stream below the message layer. The message does
Posted by govindr | 4 Comments
Monday, January 22, 2007 1:42 PM

Security Header Layout

There are four different security header layout that can be specified in WCF. The values are defined in WS-SecurityPolicy. They are, Strict - All security tokens are defined in the security header before its first use. The primary signature should be
Posted by govindr | 0 Comments
Wednesday, November 22, 2006 3:06 AM

Federation and Bearer Tokens

The latest WS-Trust spec (yet to be ratified by OASIS) introduces a concept called Bearer Tokens. This basically is a keyless token that a client requests from an STS (Security Token Service). The only purpose this token serves is to provide more information
Posted by govindr | 1 Comments
Tuesday, October 24, 2006 5:05 PM

Re-Serialize SAML token

In a Federation Scenario a client might want to access the services by using a SAML token that was issued to it by a STS. The service in turn might have to call other services (like a intermediary) to fulfill the request. When calling the backend service
Posted by govindr | 19 Comments
Attachment(s): ReSerializeSaml.zip
Wednesday, October 18, 2006 3:38 PM

Federation

As you are moving to Web Services world one of the buzz words that you will hear time and again is "Federation". This is simply a security scenario that involves 3 parties to secure a Message. The 3 parties in the scenario are, Client Security Token Service
Posted by govindr | 7 Comments
Monday, October 16, 2006 10:57 AM

Supporting Tokens

Web Services Message Security has the concept of Primary and Supporting Tokens. The Primary token is the main token that provides security to the message. This signs the message body and other headers as required and serves as the main identity token
Posted by govindr | 1 Comments
Wednesday, October 11, 2006 11:38 AM

Writing a Custom Message Interceptor when Security is enabled

A custom message Interceptor give you access to the message as the message goes through the processing pipeline. There are two methods in the Message Interceptor - BeforeSendRequest and AfterReceiveReply. Both these methods gets passed in the Message
Posted by govindr | 0 Comments
Filed under: ,
Tuesday, October 10, 2006 4:37 PM

WCF Encrypts Signatures by default in Message Security

When you are building your application with security enabled you will see that all your signatures are encrypted by default. This was not the default in WCF Beta 1. As you would expect this did result in a significant performance penalty. The message
Posted by govindr | 7 Comments
Monday, October 09, 2006 3:04 PM

Using Binary Encoding in WCF

I recently had a question from someone on using Binary Encoding and how performance of their application relates to that. My answer was it depends...it depends on what is in your message body and if you are using message security or transport security.
Posted by govindr | 0 Comments
 
Page view tracker