Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » webservices   (RSS)
Monday, August 27, 2007 4:04 PM

Reliable Messaging and SecurityToken validation

One of the things that have come up many times is how the service could stop a client from retrying a request for a valid security validation error while Reliable Messaging is enabled. If you are not familiar with the situation the essence of the problem
Posted by govindr | 1 Comments
Tuesday, August 21, 2007 2:47 PM

Handling Mismatched Trust Versions on the Client

Federation Clients might have scenarios where it is talking to a Service and STS that don't have the same trust version. The Service WSDL can contain a RequestSecurityTokenTemplate with Trust elements that are in different version than the STS. In these
Posted by govindr | 0 Comments
Monday, February 19, 2007 10:57 AM

WS-Federation Passive

I have discussed about Federation before. This post discusses Federation from the active context. "Active" means that the client is a smart client capable of doing encryption and signing and can actively participate in the Federation protocol. There are
Posted by govindr | 0 Comments
Tuesday, February 06, 2007 10:10 PM

Asymmetric tokens and Mixed-Mode Security

When you are using a X.509 Certificate as the client authentication token in Mixed-Mode Security - apart from signing the Timestamp WCF will sign the 'To' header as well. This is to prevent a client spoofing attack by a rougue service. Consider the situation
Posted by govindr | 0 Comments
Monday, January 22, 2007 1:42 PM

Security Header Layout

There are four different security header layout that can be specified in WCF. The values are defined in WS-SecurityPolicy. They are, Strict - All security tokens are defined in the security header before its first use. The primary signature should be
Posted by govindr | 0 Comments
Tuesday, January 09, 2007 2:43 PM

WCF Support in Compact Framework

In a nutshell, .NET Compact Framework 3.5 supported features for WCF include: messaging-layer communication, WS-security, and http and mail transports. All of these a subsets of what the desktop supports, with the exception of the mail transport, which
Posted by govindr | 1 Comments
Filed under: , ,
Tuesday, January 09, 2007 12:43 PM

Configuring HTTP in Windows Vista

Hosting a WCF service on a HTTP endpoint on Windows Vista has some issues given that you are not running with Administrator privileges. Following blogs discusses how to get around this issue, http://blogs.msdn.com/drnick/archive/2006/10/16/configuring-http-for-windows-vista.aspx
Posted by govindr | 0 Comments
Filed under: , ,
Wednesday, November 22, 2006 3:06 AM

Federation and Bearer Tokens

The latest WS-Trust spec (yet to be ratified by OASIS) introduces a concept called Bearer Tokens. This basically is a keyless token that a client requests from an STS (Security Token Service). The only purpose this token serves is to provide more information
Posted by govindr | 1 Comments
Tuesday, November 07, 2006 3:59 PM

.Net Framework 3.0 is Live!!

Get the latest version of .Net Framework 3.0 at http://www.microsoft.com/downloads/details.aspx?FamilyId=10CC340B-F857-4A14-83F5-25634C3BF043&displaylang=en
Posted by govindr | 0 Comments
Filed under: , , ,
Wednesday, November 01, 2006 11:40 PM

Debugging WCF - Traces and Message Logs

There has been enough posts on this topic. But this topic cannot be over emphasized. The best way to debug any WCF issue is to get a complete Message log and trace. We write tons of information to the trace that there is very little (if any) issues that
Posted by govindr | 1 Comments
Filed under: , ,
Tuesday, October 24, 2006 5:05 PM

Re-Serialize SAML token

In a Federation Scenario a client might want to access the services by using a SAML token that was issued to it by a STS. The service in turn might have to call other services (like a intermediary) to fulfill the request. When calling the backend service
Posted by govindr | 19 Comments
Attachment(s): ReSerializeSaml.zip
Wednesday, October 18, 2006 3:38 PM

Federation

As you are moving to Web Services world one of the buzz words that you will hear time and again is "Federation". This is simply a security scenario that involves 3 parties to secure a Message. The 3 parties in the scenario are, Client Security Token Service
Posted by govindr | 7 Comments
 
Page view tracker