Negotiate vs. NTLM

Definitions: Negotiate: Microsoft Negotiate is a security support provider (SSP) that acts as an application layer between Security Support Provider Interface (SSPI) and the other SSPs. When an application calls into SSPI to log on to a network, it can specify an SSP to process the request. If the application specifies Negotiate, Negotiate analyzes the request…

WCF: SSL/TLS Failure during Add Service Reference (System.Net.Security.SslState.ProcessAuthentication)

Issue: WCF client application unable to consume web service metadata over SSL. Symptoms: Unable to use “svcutil.exe” and the “Add Service Reference” feature from the .NET Framework and Visual Studio. Point of confusion: Is the problem with Visual Studio's Add Service Reference or with svcutil.exe? Reason for failure: Client app sends TLS 1.0 as part of…

WPF/WinForm: NetHttpBinding Timeout/Deadlock issue on main UI thread – using web sockets

Issue: We are trying to use NetHttpBinding and expect to use web sockets, along with a callback implementation. Web sockets are available by default if we have a callback contract implemented (when using NetHttpBinding), and they can also be forced on a request/response channel. Synchronous and Asynchronous call to the service via console app works…

WCF: Net.Pipe – Endpoint not found exception – Admin/Non Admin mode

Issue Definition: The following error is reported from a client app calling the WCF service over net.pipe: "There was no endpoint listening at net.pipe://localhost/XYZ/MyService that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details." Observation: Client fails to locate the MyService – although server…

WCF: Client Certificate Sample/POC Using MakeCert.exe

Issue: I came across one customer who was working on a POC project to demonstrate the usage of a Client Certificate for authentication at transport level security. Architecture: Create a sample with the following criteria: Transport Security (Net.Tcp / HTTPS); Client Credential as Client Certificate. Challenge: Big challenge is how to test the POC/Sample with…

WCF: Unable to add service reference – "System.Security.SecurityException: Request for the permission of type ‘System.Security.Permissions.SecurityPermission’ failed" – after installing KB 2938782

Issue: Client app: Console Application running with Partial Trust. Functionality broken: Add Service Reference for SSL hosted web service. Error: System.Security.SecurityException: Request for the permission of type ‘System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed. Important condition: Affected box has the following KB installed: KB 2938782. Comparison with working box: In the “Working” trace,…

WCF: Time to learn SPN with WCF Kerberos Delegation

What is Kerberos Delegation: Kerberos Delegation allows us to reuse the client credentials to access resources hosted on a different server. Box Level (if the backend server runs with Network service account) Full Delegation (we can delegate to any process on back end server application) Constrained delegation (we can delegate to selected back end server…

WCF: Delegation at Message Level security

Basics: Review this article to get familiar with the basic settings needed for WCF delegation: http://blogs.msdn.com/b/saurabs/archive/2012/08/28/wcf-learning-impersonation-and-delegation.aspx With basic message-level security, delegation can be easy to set up, as indicated in the diagram below: What about delegation between boxes with a load balancer in place? Key points: 1. For Load balancer scenario,…

WCF: WCF (xmlSerialization) dropping certain properties of an object during serialization

Task: To consume the JavaService from a WCF client application. Issue: WCF client using XML Serialization drops certain properties, even though we set them correctly. Tools used to confirm this: Fiddler traces. From WSDL: When we add the service reference via (WSDL file) exposed from Java service we see proxy class methods…

WCF: Unable to handle load (SSL and client cert authentication) – MaxPendingAccept limitation

Issue Definition: WCF is unable to handle load from multiple clients when running with transport security and a client certificate as the client credential. Symptoms: 1. From network traces, we see that the server takes too much time to send a certificate request… and eventually the client gives up. 2. Further when the issue happens even the connected…
