TransportWithMessageCredentials – I need to know who is knocking on my door.

The point to be noted here is that even though the security facets of communication, like integrity and confidentiality, are taken care of by the transport, we might not get enough information from the client as to “Who are you?”. For this case you need to add some credentials about the clients. It…


Adding a Message Header without using a MessageContract

Using Message contracts is quite a straightforward way of creating and adding message headers. But then again you might just want to add a header without going down that route, like this post by Kenny. You generally come across 2 scenarios where you want to add headers in every message or just for a particular set…


Checking the SIDs in the WindowsClaimSet

In continuation of my post on SAM vs PP, we concluded that to avoid fractured policy checking we can still check if the user belongs to a particular group by checking the occurrence of an SID in the WindowsClaimSet that he submits to the service. One of the problems that I faced to view the…


ServiceAuthorizationManager and PrincipalPermission

You may face a problem when trying to check for Principal permission and demand in the CheckAccessCore of the ServiceAuthorizationManager and you might see a security exception. This is primarily because the thread's principal is not set when this demand check in the SAM happens. You can however do a Principal Permission check within…


Web Hosted Sample with UserNamePassword Supporting Token

The Passing a UserName as a supporting token post was pretty much a single console app to demo the basic flow. This sample is a bit richer and shows a web hosted service that requires the usernameSecurity token. To configure it please create an app vdir in IIS and point the client on that…


Passing a UserName as a supporting token.

Firstly I would like to thank Brent Schmaltz who helped me solve this problem. Securing messages might require more than the primary token to identify the client. We can then resort to sending additional information that would help in identification or some kind of custom processing. Basically the code below, from…


Disabling Anonymous Authentication on IIS for Message Security and Impersonation

When hosting WCF services in IIS we would ideally want to disable anonymous authentication on a website when there are other resources or types of endpoints being hosted on that site. The solution to this is not quite obvious. The problem basically is that we have a situation where there are double identities coming into play. Basically this…


Load Balancing WCF – basicHttpBinding

Load balancing WCF with basicHttpBinding can be done using the keepAliveEnabled property when there is connection reuse. Basically this property when enabled, enables a client to maintain a persistent connection with the service and gives enhanced throughput with connection reuse with multiple messages. But in a load balanced farm we cannot have a client strongly associated with a…


Installing and Running your STS for Cardspace

I realized that there were many gotchas when running the sample STS that is posted here. This has evolved and the experience is really improved. Thanks to Garrett. Some steps: Download the sample from the site and run the setup script. You might want to check the SSL cert setup if it has executed successfully…


MGSI Recruiting

Do you get a kick out of enabling customers? Do you want to enable organizations around the world to do better business using Technology? Are you passionate about Technology? Are you passionate about Microsoft? If you answered yes to all this then I think you might be looking for a career at MGSI. Drop in a…
