none
How to secure MEX endpoint WCF RRS feed

  • Question

  • suppose i have developed a WCF service with one mex endpoint. now i like to know how can i secure the mex endpoint means that if anyone know my mex endpoint address then that user may not be able to add my mex endpoint address from their VS IDE to create proxy. if user try to do so then windows auth login dialog comes.

    now the question is how then any out side user will be able to call my wcf service. i will distribute my service dll or proxy class related *.cs files or WSDL. so user can add that dll or add those proxy related .cs file or add wsdl to their project to create proxy just to call & consume my service. i am not advance developer so i am not being able to understand how to develop this kind of secure wcf service where user can not add my mex endpoint.

    so just guide me with little wcf sample code & config example from where i can understand what i need to to meet my requirement. thanks

    Wednesday, April 9, 2014 1:53 PM

Answers

  • Hi,

    The metadata endpoint(mex endpoint) uses the default mexHttpBinding, which is not secure. The following the metadata is secured using WSHttpBinding with Message security. And it will use the windows authentication.

    <endpoint address="mex"
           binding="wsHttpBinding"
           bindingConfiguration="Binding2"
           contract="IMetadataExchange" />
         </service>
     </services>
     <bindings>
       <wsHttpBinding>
         <binding name="Binding2">
             <security mode="Message">
           <message clientCredentialType="Windows" />
            </security>
         </binding>
       </wsHttpBinding>
     </bindings>
    
    

    In order for metadata clients to retrieve this metadata, the client must be configured with a matching binding.

    For more information, please try to refer to:
    #Custom Secure Metadata Endpoint:
    http://msdn.microsoft.com/en-us/library/aa395212(v=vs.110).aspx .

     
    Best Regards,
    Amy Peng

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Marked as answer by Mou_kolkata Thursday, April 10, 2014 2:36 PM
    Thursday, April 10, 2014 9:33 AM
    Moderator

All replies

  • Hi,

    The metadata endpoint(mex endpoint) uses the default mexHttpBinding, which is not secure. The following the metadata is secured using WSHttpBinding with Message security. And it will use the windows authentication.

    <endpoint address="mex"
           binding="wsHttpBinding"
           bindingConfiguration="Binding2"
           contract="IMetadataExchange" />
         </service>
     </services>
     <bindings>
       <wsHttpBinding>
         <binding name="Binding2">
             <security mode="Message">
           <message clientCredentialType="Windows" />
            </security>
         </binding>
       </wsHttpBinding>
     </bindings>
    
    

    In order for metadata clients to retrieve this metadata, the client must be configured with a matching binding.

    For more information, please try to refer to:
    #Custom Secure Metadata Endpoint:
    http://msdn.microsoft.com/en-us/library/aa395212(v=vs.110).aspx .

     
    Best Regards,
    Amy Peng

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Marked as answer by Mou_kolkata Thursday, April 10, 2014 2:36 PM
    Thursday, April 10, 2014 9:33 AM
    Moderator
  • thanks for the answer. so what will happen when any client will try to create service adding my service url from VS IDE. any windows login dialog come ?

    after securing mex endpoint how other people will be able to create proxy of my service and how they will be able to call my service ? please share the knowledge. thanks

    Thursday, April 10, 2014 2:38 PM