How client can create & call my wcf service when MEX is secured

  • Question

  • User88744855 posted

    Here is a secured mex which uses credential type Windows and message security. Now I'd like to know: when a client types the mex endpoint address or service address in their VS service reference box, what will happen?

    Will any Windows auth dialog come up? If yes, then how will an outside user be able to create a service proxy on their client side?

    In case of a secured mex, do I need to distribute the contract assembly or proxy class file? Just guide me on what I need to give to the client to create a proxy at their end.

            <endpoint address="mex"
                      binding="wsHttpBinding"
                      bindingConfiguration="Binding2"
                      contract="IMetadataExchange" />
        </service>
    </services>
    <bindings>
        <wsHttpBinding>
            <binding name="Binding2">
                <security mode="Message">
                    <message clientCredentialType="Windows" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    Friday, April 11, 2014 4:56 AM

Answers

  • User-417640953 posted

    Do you think that when mex is secured with a binding like Windows auth, any outsider can call the mex and create a proxy of my service? If that is possible, then what would be the meaning of making the mex endpoint secured?

    Hi mou_inn,

    Thanks for your response.

    As MSDN mentions below:

    "Metadata for a service can contain sensitive information about your application that a malicious user can leverage. Consumers of your service may also require a secure mechanism for obtaining metadata about your service. Therefore, it is sometimes necessary to publish your metadata using a secure endpoint.

    Metadata endpoints are generally secured using the standard security mechanisms defined in Windows Communication Foundation (WCF) for securing application endpoints. (For more information, see Security Overview.)"

    http://msdn.microsoft.com/en-us/library/ms733114(v=vs.110).aspx

    Thanks.

    Best Regards!

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, April 15, 2014 7:00 AM

All replies

  • User-417640953 posted

    Hi,

    Generally, a client has two ways to create the service proxy, as described below:

    "The WCF client proxy can be generated manually by using the Service Model Metadata Utility Tool (SvcUtil.exe); for more information see ServiceModel Metadata Utility Tool (Svcutil.exe). The WCF client proxy can also be generated within Visual Studio using the Add Service Reference feature.

    To generate the WCF client proxy using either method the service must be running. If the service is self-hosted you must run the host. If the service is hosted in IIS/WAS you do not need to do anything else."

    For more information, please refer to the article below.

    http://msdn.microsoft.com/en-us/library/ms734691(v=vs.110).aspx

    Besides, if your service is exposed to clients by its metadata, clients are free to access the metadata from the address you exposed.

    Thanks.

    Best Regards!

    Monday, April 14, 2014 4:23 AM
  • User88744855 posted

    Do you think that when mex is secured with a binding like Windows auth, any outsider can call the mex and create a proxy of my service? If that is possible, then what would be the meaning of making the mex endpoint secured?

    Tuesday, April 15, 2014 5:59 AM
  • User88744855 posted

    Thanks for your reply. I would just like to know: when mex is secured, can anyone create a proxy of my service or not, if the client knows the address of my mex endpoint or service address?

    If the answer is that the customer will not be able to create a proxy when mex is secured, then what are the ways by which a customer can create a proxy of my service?

    I want to design a secure service, and I want that no one can create a proxy of my service; rather, if anyone would like to consume my service, he/she will contact me, and then I will give them my service contract or proxy-related .cs file so the customer can consume my service. So just guide me on how I could design this kind of service. Thanks.

    Tuesday, April 15, 2014 2:22 PM
  • User-417640953 posted

    Hi mou_inn,

    "I would just like to know: when mex is secured, can anyone create a proxy of my service or not, if the client knows the address of my mex endpoint or service address?"

    In my mind, if the service provider publishes their service metadata using HTTP or HTTPS, any endpoint client can download the metadata and create the corresponding proxy code and configuration file. Secure metadata means that the metadata comes from a trusted source and that it has not been tampered with. Metadata retrieved using the HTTP protocol is sent in clear text and can be tampered with. If the service uses the HttpsGetEnabled and HttpsGetUrl properties, use the URL the service creator supplied to download the data using the HTTPS protocol.

    If the service provider does not publish the metadata via HTTP or HTTPS, the client should contact the service creator for documentation that describes the security requirements and the metadata.

    Besides, I suggest you read the article below carefully to learn more about this issue.

    http://msdn.microsoft.com/en-us/library/ms731094(v=vs.110).aspx

    Hope that helps, thanks.

    Best Regards!

    Tuesday, April 15, 2014 9:48 PM
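
How a client that can authenticate retrieves metadata from the secured mex endpoint in the question, as an added example that is not part of the thread: the client-side binding mirrors `Binding2` (wsHttpBinding, Message security, Windows credentials) and the metadata is imported into contract and endpoint descriptions. The endpoint address and the class name `SecuredMexProbe` are assumptions.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Description;

class SecuredMexProbe
{
    // Assumed placeholder address; substitute the real mex endpoint address.
    const string MexAddress = "http://localhost:8000/service/mex";

    static void Main()
    {
        // Mirror the service's Binding2: wsHttpBinding, Message security, Windows credentials.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

        var mexClient = new MetadataExchangeClient(binding);
        // The caller's own Windows identity is used by default. To present another
        // account (placeholder values), set it explicitly:
        // mexClient.SoapCredentials.Windows.ClientCredential =
        //     new System.Net.NetworkCredential("user", "password", "DOMAIN");

        try
        {
            // WS-MetadataExchange request; it only succeeds if the security
            // negotiation with the service completes.
            MetadataSet metadata = mexClient.GetMetadata(new EndpointAddress(MexAddress));

            var importer = new WsdlImporter(metadata);
            foreach (ContractDescription contract in importer.ImportAllContracts())
                Console.WriteLine("Contract: {0} ({1} operations)",
                                  contract.Name, contract.Operations.Count);
            foreach (ServiceEndpoint endpoint in importer.ImportAllEndpoints())
                Console.WriteLine("Endpoint: {0} [{1}]",
                                  endpoint.Address, endpoint.Binding.Name);
        }
        catch (CommunicationException ex)   // security negotiation or transport failure
        {
            Report(ex);
        }
        catch (InvalidOperationException ex) // metadata reference could not be resolved
        {
            Report(ex);
        }
    }

    static void Report(Exception ex)
    {
        Console.WriteLine("Metadata not retrieved: " + ex.Message);
        if (ex.InnerException != null)
            Console.WriteLine("  cause: " + ex.InnerException.Message);
    }
}
```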