locked
WCF Service with SSL and Custom Authentication RRS feed

  • Question

  • I am in the process of investigating the security with WCF.

    What I want to do is host a WCF Service for clients to be able to access data from a Database, this Service must use SSL Certificate. This WCF Service will be accessing a Database and this data is sensitive, so I don't want anybody to be able to consume the Service. I have read different ways of doing one or the other, but not together? Is it possible? If so, how would I do it locally on my machine first using Visual Studio? I understand using a self-signed cert for development locally. I have used custom validation, but this was just over message security.

      <system.serviceModel>
        <diagnostics>
          <messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtTransportLevel="true" />
        </diagnostics>
        <services>
          <service name="WCFService.Math" behaviorConfiguration="AuthenticationBehavior">
            <endpoint address="/Math.svc" binding="wsHttpBinding" contract="WCFService.IMath" bindingConfiguration="AuthenticationBinding" />
          </service>
        </services>
    
        <bindings>
          <wsHttpBinding>
            <binding name="AuthenticationBinding">
              <security mode="TransportWithMessageCredential">
                <message clientCredentialType="UserName" />
                <transport clientCredentialType="None" proxyCredentialType="None" />          
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>
        
        <behaviors>
          <serviceBehaviors>
            <behavior name="AuthenticationBehavior">
              <serviceMetadata httpsGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
              <serviceCredentials>
                <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Verification,App_Code/Authentication" />
                <serviceCertificate findValue="MySelfSignedCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <protocolMapping>
            <add binding="wsHttpBinding" scheme="https" />
        </protocolMapping>    
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="false" />
      </system.serviceModel>

    Wednesday, April 13, 2016 10:11 AM

Answers

  • Hello,

    >>Is it possible? If so, how would I do it locally on my machine first using Visual Studio? I understand using a self-signed cert for development locally. I have used custom validation, but this was just over message security.

    Based on your description, it seems that you want to implement the WCF service over the HTTPS with the custom username authentication. Yes, it is possible. As you said the custom username validation is just over the message security, then we need to configure the SSL service certificate to implement the transport security.

    For the detailed steps about how to implement it, please check the following article:
    http://www.codeproject.com/Articles/59927/WCF-Service-over-HTTPS-with-custom-username-and-pa .

    Best Regards,
    Amy Peng

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, April 14, 2016 8:07 AM

All replies

  • Hello,

    >>Is it possible? If so, how would I do it locally on my machine first using Visual Studio? I understand using a self-signed cert for development locally. I have used custom validation, but this was just over message security.

    Based on your description, it seems that you want to implement the WCF service over the HTTPS with the custom username authentication. Yes, it is possible. As you said the custom username validation is just over the message security, then we need to configure the SSL service certificate to implement the transport security.

    For the detailed steps about how to implement it, please check the following article:
    http://www.codeproject.com/Articles/59927/WCF-Service-over-HTTPS-with-custom-username-and-pa .

    Best Regards,
    Amy Peng

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, April 14, 2016 8:07 AM
  • I used the example thank you. Although I have now come across another error, I have put this in a new question: https://social.msdn.microsoft.com/Forums/vstudio/en-US/0cc2cfa5-8703-42c7-9121-97be5b2694ec/using-wcf-with-custom-authentication-over-ssl?forum=wcf
    Friday, April 15, 2016 12:46 PM