Skip to main content

WCF Security


Protection Level

Protection level specifies how the message is protected. The protection level can be None, signed, or Encrypted & signed. It can be specified in the [ServiceContract] and/or [OperationContract] attributes.

1. Open the WCF service application that you created earlier or download start file here.

2. You can use the protection level property to enable protection. In the service, change the ServiceContract attribute of the IProductService as given below.
[ServiceContract(ProtectionLevel=System.Net.Security.ProtectionLevel.EncryptAndSign)]

3. Run the ConsoleHost project.
Note: The application should throw an exception. This is because BasicHttpBinding does not support encryption and signature therefore an Exception is thrown. For this to work you need an endpoint that support encryption and signature such as netTcpBinding.

4. In ConsoleHost project, go to App.config and comment off the endpoint with basicHttpBinding

5. Add an endpoint with netTcpBinding
<endpoint address="net.tcp://localhost:8734/Design_Time_Addresses/ProductServiceLibrary/
ProductService/basic" binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig"
contract="ProductServiceLibrary.IProductService" />

 6. Run the ConsoleHost project. The project should work fine now.

Security Mode and Credential type

Security mode can be either Transport or Message. Transport bases security uses built-in security feature such as SSL for HTTP. Whereas Message based security is based on SOAP and unlike Transport based security it provides end-to-end security which is better than point-to-point security provided by Transport.

Transport based Security


7. Add another endpoint that uses wsHttpBinding
<endpoint address="https://localhost:8889/Design_Time_Addresses/ProductServiceLibrary/
ProductService/ws" binding="wsHttpBinding" bindingConfiguration="WsHttpBindingConfig"
contract="ProductServiceLibrary.IProductService" />

8. Configure the security mode as Transport and clientCredentialType as Basic.

       </services>
    <bindings>
      <wsHttpBinding>
        <binding name="WsHttpBindingConfig">
          <security mode="Transport">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </wsHttpBinding>

    </bindings>

9. Note for the above to work we need to provide a address with https. To use https, you will need a self issued certificate. Check if  you have a certificate to use with localhost using the instructions given here.

10. If you don't have a certificate, you can use a self issued certificate created using New-SelfSignedCertificate.

11. Add the certificate to Local computer > personal > certificates

12. Copy the same certificate to client side (current user) Trusted Root Certification Authority

13. Use Netsh tool create mapping between address and a port to the certificate in the machine as shown here

14. To reserve URL (Optional) using the following command in the command prompt
netsh http add urlacl url=https://+:8889/ProductService user=DOMAIN\user

Note: if you are not sure about domain/user, use the command whoami
15. Add a Mex endpoint to the Service project
<endpoint address="http://localhost:8733/Design_Time_Addresses/ProductServiceLibrary
/ProductService/mex" binding="mexHttpBinding" contract="IMetadataExchange" />

16. For the above endpoint to work. Add the following to the service behaviors:
<serviceMetadata httpGetEnabled="true"/>


         <behaviors>
            <serviceBehaviors>
                <behavior name="default">
                    <serviceDebug includeExceptionDetailInFaults="true" />
                  <serviceMetadata httpGetEnabled="true"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>

17. Add base address as shown below

<service name="ProductServiceLibrary.ProductService" behaviorConfiguration="default">
 <host>
   <baseAddresses>
     <add baseAddress="http://localhost:8733/Design_Time_Addresses/ProductServiceLibrary/
ProductService"/>
   </baseAddresses>
  </host>

  <endpoint ...


18. Update behaviorConfiguration with the name of the behavior given above:
<service name="ProductServiceLibrary.ProductService" behaviorConfiguration="default">

19. Set the Service Host project as the start-up project. Then, start without debugging  (Ctrl-F5)

20. Update the client Service Reference

21. Next you will need to provide valid user credentials as given in step 23. If required you may create a new user account to do this as shown here.

22. In the client project, update ProductServiceClient as given below:
ProductServiceClient client = new ProductServiceClient("WSHttpBinding_IProductService");
            client.ClientCredentials.UserName.UserName = "User2";
            client.ClientCredentials.UserName.Password = "user234";

23. Run the application and test it.

Message based security

24. At this point if you have enabled MessageLogging. Take a look at the message using the svcTraceViewer. Note that since we are using the Transport security mode the message is not encrypted and is readable.

25. To check how the message will look when we are using message security mode, add binding configuration to netTcpBinding as given below. Then, update BindingConfiguration of the endpoint.

</wsHttpBinding>
      <netTcpBinding>
        <binding name="netTcpBindingConfig">
          <security mode="Message">
            <transport clientCredentialType="Windows"/>
          </security>
        </binding>
      </netTcpBinding>

    </bindings>

26.  In the client project, update ProductServiceClient as given below:
ProductServiceClient client = new ProductServiceClient("NetTcpBinding_IProductService");

27. Run the application and test it.

28. At this point if you have enabled MessageLogging. Take a look at the message using the svcTraceViewer. Note that since we are using the Message security mode the message is encrypted and is not readable.

References and Link









Comments

Post a Comment

Popular posts from this blog

A Comprehensive Evaluation of the Internal Consulting Process: Steps and Considerations

Introduction Internal consulting has emerged as a critical function within organizations, offering in-house expertise to solve complex business problems and drive change. It closely mirrors external consulting in methodology but is differentiated by the consultant's intimate knowledge of the organization and a vested interest in its long-term success. This article aims to evaluate the key steps involved in the internal consulting process, offering insights into each phase's significance and challenges. Steps in the Internal Consulting Process The internal consulting process can generally be segmented into five distinct stages: Initial Assessment, Data Collection and Analysis, Solution Development, Implementation, and Evaluation. Below is an evaluation of each step: Step 1: Initial Assessment Objective: To understand the problem or opportunity area and define the scope of the project. Significance: A well-defined scope ensures that the consulting project stays focused and manage...
Post a Comment
Read more

The Evolving Landscape of Consulting Practice: Changes and Implications

Introduction Consulting is a field that thrives on its ability to adapt to market demands and emerging trends. As businesses evolve due to technological advancements, shifts in consumer behavior, and fluctuations in global markets, consulting practices must keep pace. This article explores some of the significant changes currently transforming the consulting industry and discusses their implications for both consultants and clients. Technological Disruption Data Analytics and Artificial Intelligence Consulting firms are increasingly integrating data analytics and artificial intelligence into their service offerings. These technologies allow consultants to offer data-driven insights that can significantly enhance strategic decision-making. This evolution means consultants now need skills in data interpretation and analysis, alongside their traditional expertise in business strategy. Virtual Consulting Platforms The advent of digital platforms enables consulting services to be offered re...
Post a Comment
Read more

The Skillset of Internal Consultants: A Comparative Analysis

Introduction In the organizational landscape, the role of internal consultants has gained prominence due to the increasing complexity of business problems and the need for specialized in-house expertise. While many skills required for internal consulting overlap with those of external consultants, there are distinct abilities that set them apart. This article aims to compare and contrast these skill sets to provide a clearer understanding of what makes an effective internal consultant. Skills Common to Both Internal and External Consultants Problem-Solving Both types of consultants need to excel at identifying issues and creating viable solutions. Critical thinking and analytical skills are paramount for dissecting complex situations and recommending actionable strategies. Communication Excellent communication skills are a must for any consultant. Whether it’s making a presentation to stakeholders, writing a report, or simply discussing ideas with a team, effective communication is key...
Post a Comment
Read more