Negotiate vs. NTLM

Definitions: Negotiate: Microsoft Negotiate is a security support provider (SSP) that acts as an application layer between the Security Support Provider Interface (SSPI) and the other SSPs. When an application calls into SSPI to log on to a network, it can specify an SSP to process the request. If the application specifies Negotiate, Negotiate analyzes the request…

HTTP 503 Service Unavailable due to Reserved URI

Problem Statement: I have a WCF REST service hosted on IIS. The URL to invoke a method of the REST service looks like http://sauravpc1.fareast.corp.microsoft.com/RestWCF/RestServ/GetData. Now, when trying to invoke this URL or browse it directly, I get an error: 503 Service Unavailable. I am able to browse the help page of the…


WCF: Suppress multiple 401s in windows authentication

This case study discusses 401 challenges in Windows authentication for WCF service consumers. It covers the perspectives of both IIS-hosted and self-hosted service applications. My intention is to showcase how to suppress multiple 401s in Windows authentication. WCF service application hosted on IIS 7.5: Windows authentication is enabled with…


XML signature & digest verification

The .NET SignedXml class was only designed to adhere to the XMLDSIG specification. It has no knowledge of SAML, SAML 2.0, SOAP or any other higher-level XML protocol. If you are using SignedXml for any protocol other than XMLDSIG, the scenario is not supported. The SignedXml.CheckSignature method determines whether the Signature property verifies for the…


Authenticated Encryption – CAPI2 does not support authenticated encryption mode

Authenticated Encryption (AE) or Authenticated Encryption with Associated Data (AEAD) is a block cipher mode of operation which simultaneously provides confidentiality, integrity, and authenticity assurances on the data; decryption is combined in a single step with integrity verification. (Referenced from Wikipedia; see reference below.) Crypto API (CAPI2) does not support an authenticated encryption mode. This…


CAPI2 code that will try to translate a CSP handle into a CNG handle

This blog post concerns CAPI2 and CNG. We might encounter situations where, in our CAPI2 code, we see that the CSP handle being used is actually a CNG handle. This can be tricky to understand, since we are using a CAPI2 provider. The reason is: there are many places in CAPI2 code that will try to translate…

Troubleshooting: 413: Request size too large with WCF Service

Problem Statement: A WCF service configured with BasicHttpBinding throws a "413: Request size too large" error at the client application. This indicates that some bottleneck is occurring at IIS, even though the WCF service is configured with all of its size properties set to Int32.MaxValue: maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"…


Debugging Tip: Dump ASMX call payloads

In ASMX services, the request and response payloads are always the point of interest. Depending on the scenario, we may only have crash dumps or manual memory dumps. How can we read the payloads from them? Step 1: Get to the thread where the web service call is executing. Step 2: Dump the stack objects on that thread (via the !dso command)…


WCF: SSL/TLS Failure during Add Service Reference (System.Net.Security.SslState.ProcessAuthentication)

Issue: A WCF client application is unable to consume web service metadata over SSL. Symptoms: Unable to use "svcutil.exe" and the "Add Service Reference" feature from the .NET Framework and Visual Studio. Point of confusion: Is it a Visual Studio "Add Service Reference" problem or a problem with svcutil.exe? Reason for failure: The client app sends TLS 1.0 as part of…

WPF/WinForm: NetHttpBinding Timeout/Deadlock issue on main UI thread – using web sockets

Issue: We are trying to use NetHttpBinding and expect it to use web sockets, along with a callback implementation. Web sockets are available by default when a callback contract is implemented (with NetHttpBinding), and they can also be forced on a request/response channel. Synchronous and asynchronous calls to the service via a console app work…
