WCF Sample help

  • Question


  • I am putting together a proof of concept as part of a WCF service strategy for a client.

    We would like to prove the concept of using Certificates to secure WCF as well as using the Routing Service.

     

    I have found examples of each and I have managed to create:

    • A project that uses Certificates to secure WCF between a client and the server
    • A project that uses WCF Routing to route requests from a client through a routing service to the final destination service

     

    I am now trying to take the WCF Routing project and add the Certificates elements from the other project but I am having difficulties.

     

    Do you have an example of what I would like to achieve that I can use as a blueprint for my proof of concept?

    One thing I forgot to mention is that we would like to achieve the following:

     

    • Client to the WCF Routing Server would use Certificates
    • The WCF Routing Server to the Internal Client Server would just be configured endpoints as we wish to terminate the Certificates at the WCF Routing Server



    Wednesday, March 26, 2014 8:28 PM

Answers

  • Hi,

    >>We would like to prove the concept of using Certificates to secure WCF as well as using the Routing Service

    If you want to achieve the above, then there are several aspects you need to check:

    1. If you're using self-signed certificates in your development environment, make sure they are registered properly.
    2. If you're using two different machines, you will have to export the service certificate to the router service machine. Your self-signed certs will need to be registered using the machine name rather than localhost.
    3. The machines have the clock set correctly, or you have to trust this certificate. For more about this, please check these posts.

    http://social.msdn.microsoft.com/Forums/vstudio/en-US/b2be687f-cd5d-4a70-aa6e-49ff3e3d4391/soap-client-wcf-routing-service-the-client-certificate-is-not-provided-specify-a-client?forum=wcf

    http://social.msdn.microsoft.com/Forums/vstudio/en-US/b9fe0a01-0149-42fa-b651-6268aed27eda/wcf-router-to-pass-client-certificate-to-service?forum=wcf

    And the config file will be something like this:

    <system.serviceModel>
        <bindings>
            <customBinding>
                <!-- Security Off version: plain HTTP, no authentication -->
                <binding name="customBindingNotSecure">
                    <textMessageEncoding messageVersion="Soap12WSAddressing10" />
                    <httpTransport />
                </binding>

                <!-- Security On: HTTPS with user name credentials -->
                <binding name="customBindingSecure">
                    <textMessageEncoding messageVersion="Soap12WSAddressing10" />
                    <security authenticationMode="UserNameOverTransport" />
                    <httpsTransport />
                </binding>

                <!-- Binding the router uses to call the destination service -->
                <binding name="platoneBinding">
                    <textMessageEncoding messageVersion="Soap12WSAddressing10" />
                    <httpsTransport maxReceivedMessageSize="1000000" maxBufferPoolSize="1000000" maxBufferSize="1000000" />
                </binding>
            </customBinding>
        </bindings>

        <services>
            <!-- The routing service exposes one secure and one non-secure inbound endpoint -->
            <service behaviorConfiguration="routingService" name="System.ServiceModel.Routing.RoutingService">
                <endpoint address=""
                          binding="customBinding"
                          name="reqReplyEndpoint"
                          contract="System.ServiceModel.Routing.IRequestReplyRouter"
                          bindingConfiguration="customBindingSecure" />

                <endpoint address=""
                          binding="customBinding"
                          name="reqReplyEndpointHttp"
                          contract="System.ServiceModel.Routing.IRequestReplyRouter"
                          bindingConfiguration="customBindingNotSecure" />
            </service>
        </services>

        <behaviors>
            <endpointBehaviors>
                <!-- Applies to an outbound client endpoint only when that endpoint references it via behaviorConfiguration -->
                <behavior name="CustomClientBehavior">
                    <clientCredentials>
                        <serviceCertificate>
                            <defaultCertificate findValue="serverx509v1" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
                            <authentication customCertificateValidatorType="com.abodata.plat1.WCFProxy.PlatoneCertificateValidator, PlatoneWSRelay"
                                            certificateValidationMode="Custom" revocationMode="NoCheck" />
                        </serviceCertificate>
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>

            <serviceBehaviors>
                <behavior name="routingService">
                    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                    <routing routeOnHeadersOnly="true" filterTableName="routingTable1" />
                    <serviceCredentials>
                        <!-- Client certificates are checked by the custom validator; revocation is not checked -->
                        <clientCertificate>
                            <authentication customCertificateValidatorType="com.abodata.plat1.WCFProxy.PlatoneCertificateValidator, PlatoneWSRelay"
                                            certificateValidationMode="Custom" revocationMode="NoCheck" />
                        </clientCertificate>
                        <userNameAuthentication userNamePasswordValidationMode="Custom"
                                                customUserNamePasswordValidatorType="com.abodata.plat1.WCFProxy.UsernameValidator, PlatoneWSRelay" />
                    </serviceCredentials>
                </behavior>

                <behavior name="">
                    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>

        <routing>
            <filters>
                <filter name="MatchAllFilter1" filterType="MatchAll" />
            </filters>
            <filterTables>
                <!-- Every inbound message is forwarded to the PlatoneWSService client endpoint -->
                <filterTable name="routingTable1">
                    <add filterName="MatchAllFilter1" endpointName="PlatoneWSService" />
                </filterTable>
            </filterTables>
        </routing>

        <client>
            <endpoint address="https://10.0.2.243:9006/Persistence"
                      binding="customBinding" bindingConfiguration="platoneBinding"
                      contract="*" name="PlatoneWSService">
                <identity>
                    <dns value="serverx509v1" />
                </identity>
            </endpoint>
        </client>

        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true" />
    </system.webServer>

    Best Regards,
    Amy Peng



    Thursday, March 27, 2014 2:52 AM
    Moderator
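
The config in the answer sets certificateValidationMode="Custom" with revocationMode="NoCheck", so the class named in customCertificateValidatorType decides which client certificates WCF accepts at the router. A validator of that kind is sketched below as an added example (it is not code from this thread or from the PlatoneWSRelay assembly); the namespace, class name and thumbprint value are placeholders chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

namespace Example.Routing // hypothetical namespace
{
    // Accepts a client certificate only if it is inside its validity
    // window and its thumbprint is on an explicit allow-list. Pinning
    // works with self-signed development certificates, which have no
    // trusted chain to build.
    public class PinnedClientCertificateValidator : X509CertificateValidator
    {
        // Placeholder value; replace with the thumbprints of the client
        // certificates that may call the router.
        private static readonly HashSet<string> AllowedThumbprints =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            {
                "0000000000000000000000000000000000000000"
            };

        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            // NotBefore and NotAfter are reported in local time, so a
            // wrong machine clock makes a good certificate fail here.
            DateTime now = DateTime.Now;
            if (now < certificate.NotBefore || now > certificate.NotAfter)
                throw new SecurityTokenValidationException(
                    "Client certificate is outside its validity period.");

            // Thumbprint is the hex SHA-1 hash of the certificate.
            if (!AllowedThumbprints.Contains(certificate.Thumbprint))
                throw new SecurityTokenValidationException(
                    "Client certificate is not on the allow-list.");
        }
    }
}
```

To use it, the clientCertificate authentication element would name it as customCertificateValidatorType="Example.Routing.PinnedClientCertificateValidator, Example.Routing", where the assembly name is likewise an assumption.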