
WCF Security


Protection Level

Protection level specifies how the message is protected. It can be None, Sign, or EncryptAndSign (encrypted and signed), and it can be set on the [ServiceContract] and/or [OperationContract] attributes.

1. Open the WCF service application that you created earlier or download the start file here.

2. You can use the protection level property to enable protection. In the service, change the ServiceContract attribute of the IProductService as given below.
[ServiceContract(ProtectionLevel=System.Net.Security.ProtectionLevel.EncryptAndSign)]

3. Run the ConsoleHost project.
Note: The application should throw an exception, because BasicHttpBinding does not support encryption and signing. For this to work, you need an endpoint whose binding supports encryption and signing, such as netTcpBinding.

4. In the ConsoleHost project, go to App.config and comment out the endpoint with basicHttpBinding.

5. Add an endpoint with netTcpBinding
<endpoint address="net.tcp://localhost:8734/Design_Time_Addresses/ProductServiceLibrary/ProductService/basic"
          binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig"
          contract="ProductServiceLibrary.IProductService" />

6. Run the ConsoleHost project. The project should work fine now.
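
Why step 3 fails and step 6 works can be checked without starting a host. The following is an added example, not code from the original post: it asks each binding which protection level its channel stack can supply and compares that with the contract's requirement. It targets .NET Framework's System.ServiceModel; the GetProductName operation and the ProtectionLevelCheck class are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;

// Hypothetical stand-in for the tutorial's contract (the operation is an assumption).
[ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
public interface IProductService
{
    [OperationContract]
    string GetProductName(int productId);
}

public static class ProtectionLevelCheck
{
    // Strongest request protection the binding's channel stack can provide.
    public static ProtectionLevel Offered(Binding binding)
    {
        ISecurityCapabilities caps =
            binding.GetProperty<ISecurityCapabilities>(new BindingParameterCollection());
        return caps == null ? ProtectionLevel.None : caps.SupportedRequestProtectionLevel;
    }

    public static void Main()
    {
        ContractDescription contract = ContractDescription.GetContract(typeof(IProductService));
        ProtectionLevel required = contract.HasProtectionLevel
            ? contract.ProtectionLevel
            : ProtectionLevel.None;

        var candidates = new Dictionary<string, Binding>
        {
            { "basicHttpBinding (default)",   new BasicHttpBinding() },
            { "basicHttpBinding (Transport)", new BasicHttpBinding(BasicHttpSecurityMode.Transport) },
            { "netTcpBinding (default)",      new NetTcpBinding() },
            { "netTcpBinding (None)",         new NetTcpBinding(SecurityMode.None) },
        };

        foreach (KeyValuePair<string, Binding> entry in candidates)
        {
            ProtectionLevel offered = Offered(entry.Value);
            // The enum is ordered None < Sign < EncryptAndSign, so >= compares strength.
            string verdict = offered >= required ? "satisfies contract" : "cannot satisfy contract";
            Console.WriteLine("{0,-30} offers {1,-15} required {2}: {3}",
                entry.Key, offered, required, verdict);
        }
    }
}
```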

Security Mode and Credential type

Security mode can be either Transport or Message. Transport-based security uses the transport's built-in security features, such as SSL for HTTP. Message-based security is based on SOAP and, unlike transport-based security, provides end-to-end security, which is better than the point-to-point security provided by Transport.

Transport based Security


7. Add another endpoint that uses wsHttpBinding
<endpoint address="https://localhost:8889/Design_Time_Addresses/ProductServiceLibrary/ProductService/ws"
          binding="wsHttpBinding" bindingConfiguration="WsHttpBindingConfig"
          contract="ProductServiceLibrary.IProductService" />

8. Configure the security mode as Transport and clientCredentialType as Basic.

    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="WsHttpBindingConfig">
          <security mode="Transport">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </wsHttpBinding>

    </bindings>

9. Note that for the above to work, we need to provide an address with https. To use https, you will need a self-issued certificate. Check if you have a certificate to use with localhost using the instructions given here.

10. If you don't have a certificate, you can use a self-issued certificate created using New-SelfSignedCertificate.

11. Add the certificate to Local Computer > Personal > Certificates.

12. Copy the same certificate to the client side (Current User) Trusted Root Certification Authorities store.

13. Use the Netsh tool to create a mapping between the address and port and the certificate on the machine, as shown here.

14. (Optional) To reserve the URL, use the following command in the command prompt:
netsh http add urlacl url=https://+:8889/ProductService user=DOMAIN\user

Note: if you are not sure about domain/user, use the command whoami


15. Add a Mex endpoint to the Service project
<endpoint address="http://localhost:8733/Design_Time_Addresses/ProductServiceLibrary/ProductService/mex"
          binding="mexHttpBinding" contract="IMetadataExchange" />

16. For the above endpoint to work, add the following to the service behaviors:
<serviceMetadata httpGetEnabled="true"/>


        <behaviors>
            <serviceBehaviors>
                <behavior name="default">
                    <serviceDebug includeExceptionDetailInFaults="true" />
                    <serviceMetadata httpGetEnabled="true"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>

17. Add base address as shown below

<service name="ProductServiceLibrary.ProductService" behaviorConfiguration="default">
  <host>
    <baseAddresses>
      <add baseAddress="http://localhost:8733/Design_Time_Addresses/ProductServiceLibrary/ProductService"/>
    </baseAddresses>
  </host>

  <endpoint ...


18. Update behaviorConfiguration with the name of the behavior given above:
<service name="ProductServiceLibrary.ProductService" behaviorConfiguration="default">

19. Set the Service Host project as the start-up project. Then, start without debugging (Ctrl-F5).

20. Update the client Service Reference.

21. Next you will need to provide valid user credentials as given in step 23. If required, you may create a new user account to do this as shown here.

22. In the client project, update ProductServiceClient as given below:
ProductServiceClient client = new ProductServiceClient("WSHttpBinding_IProductService");
client.ClientCredentials.UserName.UserName = "User2";
client.ClientCredentials.UserName.Password = "user234";

23. Run the application and test it.

Message based security

24. At this point, if you have enabled MessageLogging, take a look at the message using the svcTraceViewer. Note that since we are using the Transport security mode, the message itself is not encrypted and is readable.

25. To check how the message will look when we are using message security mode, add a binding configuration to netTcpBinding as given below. Then, update the bindingConfiguration of the endpoint.

      </wsHttpBinding>
      <netTcpBinding>
        <binding name="netTcpBindingConfig">
          <security mode="Message">
            <!-- In Message mode the client credential type is set on <message>, not <transport> -->
            <message clientCredentialType="Windows"/>
          </security>
        </binding>
      </netTcpBinding>

    </bindings>

26. In the client project, update ProductServiceClient as given below:
ProductServiceClient client = new ProductServiceClient("NetTcpBinding_IProductService");

27. Run the application and test it.

28. At this point, if you have enabled MessageLogging, take a look at the message using the svcTraceViewer. Note that since we are using the Message security mode, the message is encrypted and is not readable.
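
The difference between the two logs comes from where protection sits in the binding's channel stack. This added example (not part of the original post; the SecurityLayerReport class name is hypothetical) builds the two bindings from steps 8 and 25 in code for .NET Framework's System.ServiceModel and reports the protecting layer.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;

public static class SecurityLayerReport
{
    // Names the layer of a binding's channel stack that protects the message.
    public static string Describe(Binding binding)
    {
        BindingElementCollection elements = binding.CreateBindingElements();

        // Message security: a SOAP-level security element in the stack.
        bool soapLevel = elements.Find<SecurityBindingElement>() != null;
        // Transport security over TCP: a stream upgrade (Windows or SSL stream).
        bool streamUpgrade = elements.Find<StreamUpgradeBindingElement>() != null;
        // Transport security over HTTP: the transport itself uses the https scheme.
        TransportBindingElement transport = elements.Find<TransportBindingElement>();
        bool https = transport != null && transport.Scheme == "https";

        if (soapLevel)
            return "message level (security applied to the SOAP message)";
        if (streamUpgrade || https)
            return "transport level (channel protected, SOAP message itself unchanged)";
        return "none";
    }

    public static void Main()
    {
        // Step 8: wsHttpBinding, Transport mode, Basic client credentials.
        var wsHttp = new WSHttpBinding(SecurityMode.Transport);
        wsHttp.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;

        // Step 25: netTcpBinding, Message mode, Windows client credentials.
        var netTcp = new NetTcpBinding(SecurityMode.Message);
        netTcp.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

        Console.WriteLine("wsHttpBinding (Transport): " + Describe(wsHttp));
        Console.WriteLine("netTcpBinding (Message):   " + Describe(netTcp));
    }
}
```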
