WCF/WIF: JWT Token Validator

Issue: Client > JWT Token -> REST Service -> SOAP Service. Steps: 1. The user calls the REST web service (Web API service). 2. The Web API service redirects the client to the STS (Token Manager); after presenting the correct credentials, the user gets the JWT token. 3. Now the Web API makes the call to the WCF SOAP service…


WCF: Interop – Signing without primary signature requires timestamp.

Security requirements: SSL channel; SAML token for authentication as part of the <security> header; timestamp being added after the SAML token. Working request from .NET client: <wsse:Security S:mustUnderstand="true"> <wsu:Timestamp xmlns:ns17="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns16="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_1"> <wsu:Created>2015-12-23T16:30:10Z</wsu:Created> <wsu:Expires>2015-12-23T16:35:10Z</wsu:Expires> </wsu:Timestamp> <saml2:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_906f6505770a46018fa4d9fed4fc9713" IssueInstant="2015-12-23T16:30:10.153Z" Version="2.0"> </saml2:Assertion>…


Negotiate V/s NTLM

Definitions: Negotiate: Microsoft Negotiate is a security support provider (SSP) that acts as an application layer between Security Support Provider Interface (SSPI) and the other SSPs. When an application calls into SSPI to log on to a network, it can specify an SSP to process the request. If the application specifies Negotiate, Negotiate analyzes the request…


HTTP 503 Service Unavailable due to Reserved URI

Problem Statement: I have a WCF REST service hosted on IIS. The URL to invoke the method of the REST service looks like – http://sauravpc1.fareast.corp.microsoft.com/RestWCF/RestServ/GetData. Now, while trying to invoke this URL or browse it directly I get an error – 503 Service Unavailable. I am able to browse the help page of the…


WCF: SSL/TLS Failure during Add Service Reference (System.Net.Security.SslState.ProcessAuthentication)

Issue: WCF client application is unable to consume web service metadata over SSL. Symptoms: Unable to use “svcutil.exe” and the “Add Service Reference” feature from the .NET Framework and Visual Studio. Point of confusion: Is it a Visual Studio “Add Service Reference” problem or a problem with svcutil.exe? Reason for failure: Client app sends TLS 1.0 as part of…


WPF/WinForm: NetHttpBinding Timeout/Deadlock issue on main UI thread – using web sockets

Issue: We are trying to use NetHttpBinding and expect to use web sockets, along with a callback implementation. Web sockets are available by default if we have a callback contract implemented (when using NetHttpBinding), and they can also be forced on a request/response channel. Synchronous and asynchronous calls to the service via a console app work…


WCF: Net.Pipe – Endpoint not found exception – Admin/Non Admin mode

Issue definition: The following error is reported from a client app calling the WCF service over net.pipe: There was no endpoint listening at net.pipe://localhost/XYZ/MyService that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. Observation: Client fails to locate the MyService – although server creation doesn’t…


WCF: Client Certificate Sample/POC Using MakeCert.exe

Issue: I came across one customer who was working on a POC project to demonstrate the usage of Client Certificate for authentication at transport level security. Architecture: Create a sample with the following criteria: transport security (Net.Tcp / HTTPS); client credential as client certificate. Challenge: The big challenge is how to test the POC/sample with…


WCF: Unable to add service reference – “System.Security.SecurityException: Request for the permission of type ‘System.Security.Permissions.SecurityPermission’ failed” – after installing KB 2938782

Issue: Client app: console application running with partial trust. Functionality broken: Add Service Reference for an SSL-hosted web service. Error: “System.Security.SecurityException: Request for the permission of type ‘System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed”. Important condition: The affected box has the following KB installed: KB 2938782. Comparison with working box: In the “Working” trace,…


WCF: Time to learn SPN with WCF Kerberos Delegation

What is Kerberos Delegation: Kerberos delegation allows us to reuse the client credentials to access resources hosted on a different server. Box level (if the backend server runs with the Network Service account); full delegation (we can delegate to any process on the back-end server application); constrained delegation (we can delegate to selected back end server…
