WCF: Support for Wild Card Host Header at IIS 10 and above

IIS 10 came with a new feature to support wildcard host headers: https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/wildcard-host-header-support Does WCF support it? WCF does not support this and still needs to be configured the old way, by creating multiple IIS bindings for the desired host headers. Error we might see when browsing the WCF service: The protocol binding ‘X.X.X.X:80:*.XYZ.com’ is not…


WCF/WS: SSL Mutual Client Cert Authentication 403.16 or 403.7

Problem: When attempting to use a certificate to authenticate to an IIS website or self-hosted WCF service over an SSL/TLS channel, we receive a 403.16 error code. Troubleshooting: We can collect server-side System.Net traces or WCF activity traces (System.Net tracing collection steps, WCF tracing). Observation from System.Net traces: You might observe the GetClientCertificate API…


ASMX/WS/WCF Web Service: System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

Issue: Intermittent socket exception seen on a client application trying to fetch data from MS web services. Troubleshooting: I recommend collecting application-level traces to capture the stack trace information. In addition, we can collect System.Net traces or memory dumps on specific exceptions. Detailed stack from dump: 0:000> !dumpstack OS Thread Id: 0x1708 (0) Current…


WCF/WS/TLS: Get .Net Framework 4.0 application use TLS1.2 as default protocol

Issue: By default, a .NET application built on Framework 4.0 will use SSL 3.0 or TLS 1.0 as its default protocol. Ask: If we need to force it to use the TLS 1.2 protocol, review the workarounds below. Workaround 1: Use the line below just before the HTTPS call is attempted. ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; Workaround 2: Migrate the existing application to supported framework 4.6.2….


WIF: Memory leak issue with WIF 3.5 - Microsoft.IdentityModel.Tokens - SecurityTokenCacheKey

Issue: Recently we came across a case where a memory leak was identified within the WIF 3.5 DLL, inside the “Microsoft.IdentityModel.Tokens” class. How does this happen: The source code has a coding bug where “SecurityTokenCacheKey” objects are not getting cleared properly. Impacted heap structures seen in memory dumps: 00007ff97bbb0038   371165     17815920 System.Collections.Generic.LinkedListNode`1[[System.Object, mscorlib]] 00007ff97bba6f48   371230     17819040 Microsoft.IdentityModel.Tokens.SecurityTokenCacheKey…


ADAL: Secure Web API with ADFS 3.0 for Desktop Client

I came across a requirement where my customer asked me to create a sample ASP.NET Web API application, to be consumed later by a rich desktop client like WPF. It had one OAuth 2.0 protocol authorization rider before accessing the Web API resource. And the OAuth 2.0 access token must be retrieved from…


WIF: WIF10201: No valid key mapping found for securityToken:

Issue: WIF10201: No valid key mapping found for securityToken: This exception is observed on a federated application (web app / MVC / ASMX / WCF) that uses the WIF pipeline to authenticate the user. Stack: [SecurityTokenValidationException: WIF10201: No valid key mapping found for securityToken: ‘System.IdentityModel.Tokens.X509SecurityToken’ and issuer: ‘LocalSTS’.] System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token) +987 System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token) +73 System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken,…


WCF: Federating WCF with WIF

Ask: Federate a WCF service via WIF.
Traditional approach: For a normal web app or MVC app, we follow the concept of the FedAuth cookie.
Client -> Federated Application, gets redirected to STS
Client -> STS, gets claims
Client -> Federated Application validates claims and issues a FedAuth cookie.
Client -> This time call made with…


WCF: Message Security limitation with TLS 1.2 protocol

Issue: WCF Message Security breaks when using, or when forced to use, the TLS 1.1 or TLS 1.2 protocol. Repro code: https://1drv.ms/f/s!ArgnWb8iHXB6gqcg43hmT5jjbKJ-IA We can disable SSL 3.0 and TLS 1.0 inside the server key, and we get the failure stack below.
Failure Stack:
29 clr!IL_Throw+0x184
2a System_IdentityModel_ni!System.IdentityModel.SspiWrapper.AcquireCredentialsHandle(System.String, System.IdentityModel.CredentialUse, System.IdentityModel.SecureCredential)+0xd71ca
2b System_ServiceModel_ni!System.ServiceModel.Security.TlsSspiNegotiation.AcquireDummyCredentials()+0x73
2c System_ServiceModel_ni!System.ServiceModel.Security.TlsSspiNegotiation..ctor(System.String, Boolean, System.IdentityModel.SchProtocols, System.Security.Cryptography.X509Certificates.X509Certificate2,…


Additional details on AF CU8 release

The latest version of AF 1.1, CU (cumulative update) 8, was released on 12/7/2016 and is available at https://www.microsoft.com/en-us/download/details.aspx?id=54440. The detailed hotfix information is listed at https://support.microsoft.com/en-us/kb/3199763. It has fixes for the following three types of issues: 1. Fixed a memory leak that occurs in specific scenarios. When a dependent service of AppFabric is unresponsive, this results…