WCF Authentication and security with transport

Question
-
Hi everyone,
I have been following this P&P guide: http://wcfsecurity.codeplex.com/Wiki/View.aspx?title=Internet%20%u2013%20Web%20to%20Remote%20WCF%20Using%20Transport%20Security%20%28Trusted%20Subsystem%29&referringTitle=Home
They suggest setting up transport security. My question is: does transport security with TCP and a Windows account encrypt the data transferred back and forth between the service and the client? If so, are the headers encrypted too, or is that a message-security-only thing?
Another question I have is: I assume whenever you're using message security you must have a cert? (I'm finding certs to simply be not feasible when deploying an application to a client; it is often outside of their technical understanding.)
Sorry for the vague questions.
Thanks,
Maxus
Tuesday, September 1, 2009 9:05 AM
Answers
-
Hi,
you are right.
WCF has two security models:
Transport and Message.
As far as I know, in most cases the server needs to supply a certificate, no matter whether the Transport or Message security model is used.
The only exception is Windows authentication.
1. For Windows authentication, WCF will use the Windows domain account to validate the server and client.
Windows authentication is the default setting for NetTcpBinding.
It uses HTTPS to encrypt the data.
2. For the Message security model, you need to create a certificate for the server; it is used to create TLS when negotiating with each other.
If you use NetTcpBinding for message security, you do not need to create the certificate,
but the clients and server must be in one domain.
I have finished two samples for the Transport or Message security model using Windows authentication;
you can download them here:
/Files/frank_xl/7.3.WCFServiceSecurityDemoFrankXuLei_Message_Windows_NetTcpBinding.rar
/Files/frank_xl/3.3.WCFServiceSecurityDemoFrankXuLei_Transport_Windows_NetTcpBinding.rar
http://www.cnblogs.com/frank_xl/archive/2009/08/25/1543864.html
http://www.cnblogs.com/frank_xl/archive/2009/08/18/1543861.html
Regards,
Frank Xu Lei -- Humble as if foolish, eager to learn as if hungry
Focus on Distributed Applications Development and EAI based on .NET
Welcome to My Chinese Technical Blog
Welcome to Microsoft Chinese WCF Forum
Welcome to Microsoft English WCF Forum
- Marked as answer by Maxus01 Wednesday, September 2, 2009 1:29 AM
Tuesday, September 1, 2009 12:40 PM
-
That's correct. All the security models require a server certificate when the client credentials are not Windows credentials. When the service has authenticated the client with Windows authentication, the session key in the Kerberos token is used to protect the communication as well.
Regards,
Pablo.
Pablo Cibraro - http://weblogs.asp.net/cibrax
- Marked as answer by Maxus01 Wednesday, September 2, 2009 1:29 AM
Tuesday, September 1, 2009 1:33 PM
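
The setup discussed in the answers above (NetTcpBinding, Transport security, Windows credentials, no certificate), as an added example that is not part of the original thread: a self-hosted service and client share one binding with the protection level pinned to EncryptAndSign. The `IEcho` contract, `EchoService` class and the `net.tcp://localhost:9000/echo` address are hypothetical names.

```csharp
using System;
using System.Net.Security;
using System.ServiceModel;

[ServiceContract]
public interface IEcho
{
    [OperationContract]
    string WhoAmI();
}

public class EchoService : IEcho
{
    // Returns the Windows account the transport authenticated for this call.
    public string WhoAmI()
    {
        return ServiceSecurityContext.Current.WindowsIdentity.Name;
    }
}

public static class Program
{
    // One binding definition shared by host and client so the settings cannot drift.
    // Transport mode secures the whole TCP stream, so SOAP headers and body are covered alike.
    static NetTcpBinding SecureBinding()
    {
        var b = new NetTcpBinding(SecurityMode.Transport);
        b.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        // EncryptAndSign is the default; it is set explicitly so that a later change to
        // Sign or None (which leaves the payload readable on the wire) shows up in review.
        b.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
        return b;
    }

    public static void Main()
    {
        var address = "net.tcp://localhost:9000/echo"; // hypothetical endpoint
        using (var host = new ServiceHost(typeof(EchoService)))
        {
            host.AddServiceEndpoint(typeof(IEcho), SecureBinding(), address);
            host.Open();

            var factory = new ChannelFactory<IEcho>(SecureBinding(), new EndpointAddress(address));
            IEcho proxy = factory.CreateChannel();
            Console.WriteLine("Service saw caller: " + proxy.WhoAmI());
            factory.Close();
        }
    }
}
```

Build against the .NET Framework with a reference to System.ServiceModel; host and client both run under the current Windows account in this sketch.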
All replies
-
Hi Frank Xu Lei and Pablo Cibraro,
Thank you for your answers, they are perfect. I suspected as much but wanted to double check it. The WCF security model is a complex beast :)
Thanks Again,
Maxus
P.S. I have been reading your blog since forever Pablo, nice work.
Wednesday, September 2, 2009 1:29 AM