locked
How do you security at restful WCF service? RRS feed

  • Question

  • User459401427 posted

    Hi,
     
    I am developing a wcf restful and soap service. I use WebGet attribute in service interface. I define binding="webHttpBinding" in configuration file. How do you security at restful WCF service?
     
    My servicemodel node :

    <system.serviceModel>
        <services>
     
          <service name="TestService.LisansService" behaviorConfiguration="ServiceBehaviors" >
            <endpoint contract="TestService.ILisansService" binding="wsHttpBinding" />
            <endpoint address="json" binding="webHttpBinding" contract="TestService.ILisansService"  behaviorConfiguration="RestServiceBindingBehaviorJSON" bindingConfiguration="webHttpBindingJSON"></endpoint>
            <endpoint address="xml" binding="webHttpBinding" contract="TestService.ILisansService" behaviorConfiguration="RestServiceBindingBehaviorXML" bindingConfiguration="webHttpBindingXml"></endpoint>
     
          </service>
     
        </services>
     
        <behaviors>
          <endpointBehaviors>
            <behavior name="RestServiceBindingBehaviorJSON">
              <webHttp helpEnabled="true" defaultOutgoingResponseFormat="Json" />
            </behavior>
            <behavior name="RestServiceBindingBehaviorXML">
              <webHttp helpEnabled="true" defaultOutgoingResponseFormat="Xml" />
            </behavior>
          </endpointBehaviors>
          <serviceBehaviors>
     
    
            <behavior name="ServiceBehaviors">
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
              <serviceDebug includeExceptionDetailInFaults="false" />
              <serviceCredentials>
                <serviceCertificate findValue="localhost" x509FindType="FindBySubjectName"
                                 storeLocation="LocalMachine" storeName="My" />
                <userNameAuthentication userNamePasswordValidationMode="Custom"
                 customUserNamePasswordValidatorType="TestService.UserAuthentication, TestService" />
              </serviceCredentials>
            </behavior>
            
          </serviceBehaviors>
        </behaviors>
     
        <bindings>
          <wsHttpBinding>
            <binding>
              <security mode="Message">
                <message clientCredentialType="UserName"/>
              </security>
            </binding>
          </wsHttpBinding>
          <webHttpBinding>
     
            <binding name="webHttpBindingXml"></binding>
            <binding name="webHttpBindingJSON">
              <security mode="Transport"></security>
            </binding>
          </webHttpBinding>
        </bindings>
        <protocolMapping>
          <add binding="basicHttpsBinding" scheme="https" />
        </protocolMapping>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
      </system.serviceModel>

    Thanks.

    Wednesday, June 18, 2014 7:53 AM

Answers

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 18, 2014 8:41 AM
  • User-417640953 posted

    I am developing a wcf restful and soap service. I use WebGet attribute in service interface. I define binding="webHttpBinding" in configuration file. How do you security at restful WCF service?

    Hi CanerBAKI,

    Thank you post the issue to asp.net forum.

    First, please note the Rest service is not the soap-based service, it only based on web http protocol.

    Since REST services communicate over HTTP, we can leverage our existing knowledge and security principals

    we use for traditional websites that communicate over HTTP. So we can secure the communication over HTTP by using a SSL certificate.

    For how to do that, please follow below article.

    http://allen-conway-dotnet.blogspot.com/2012/05/creating-wcf-restful-service-and-secure.html

    Thanks.

    Best Regards!

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 18, 2014 10:53 PM

All replies

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 18, 2014 8:41 AM
  • User-417640953 posted

    I am developing a wcf restful and soap service. I use WebGet attribute in service interface. I define binding="webHttpBinding" in configuration file. How do you security at restful WCF service?

    Hi CanerBAKI,

    Thank you post the issue to asp.net forum.

    First, please note the Rest service is not the soap-based service, it only based on web http protocol.

    Since REST services communicate over HTTP, we can leverage our existing knowledge and security principals

    we use for traditional websites that communicate over HTTP. So we can secure the communication over HTTP by using a SSL certificate.

    For how to do that, please follow below article.

    http://allen-conway-dotnet.blogspot.com/2012/05/creating-wcf-restful-service-and-secure.html

    Thanks.

    Best Regards!

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 18, 2014 10:53 PM