TransportWithMessageCredentials – I need to know who is knocking on my door.

The point to be noted here is that even though security facets of communication such as integrity and confidentiality are taken care of by the transport, we might not get enough information from the client as to “Who are you?”. For this case you need to add some credentials about the clients. It…

Adding a Message Header without using a MessageContract

Using Message contracts is quite a straightforward way of creating and adding message headers. But then again you might just want to add a header without going down that route, like this post by Kenny. You generally come across 2 scenarios where you want to add headers in every message or just for a particular set…

Checking the SIDs in the WindowsClaimSet

In continuation of my post on SAM vs PP, we concluded that to avoid fractured policy checking we can still check if the user belongs to a particular group by checking the occurrence of an SID in the WindowsClaimSet that he submits to the service. One of the problems that I faced to view the…

ServiceAuthorizationManager and PrincipalPermission

You may face a problem when trying to check for Principal permission and demand in the CheckAccessCore of the ServiceAuthorizationManager, and you might see a security exception. This is primarily because the thread's principal is not set when this demand check in the SAM happens. You can however do a Principal Permission check within…

Web Hosted Sample with UserNamePassword Supporting Token

The Passing a UserName as a supporting token post was pretty much a single console app to demo the basic flow. This sample is a bit richer and shows a web-hosted service that requires the usernameSecurity token. To configure it, please create an app vdir in IIS and point the client on that…

Passing a UserName as a supporting token.

Firstly, I would like to thank Brent Schmaltz, who helped me solve this problem. Securing messages might require more than the primary token to identify the client. We can then resort to sending additional information that would help in identification or some kind of custom processing. Basically the code below, from…
