WCF Data Services announcement
-
Link
-
Link
Over the weekend the ASP.NET team released a Microsoft Security Advisory about a security vulnerability found in ASP.NET:
http://www.microsoft.com/technet/security/advisory/2416728.mspx
The WCF Data Services team looked into the issue and don’t believe there is any additional exposure to the vulnerability beyond what is exposed by ASP.NET. However, if the WCF Data Service is hosted in ASP.NET, it is quite possible that the vulnerability is present. If any users use the ASP.Net encryption logic to hide sensitive information from the client and use that encrypted data to make decisions in the WCF Data Service, they can run into this issue. Below are few examples:
· If you use an encrypted cookie to make decisions to which database to connect in CreateDataSource method
· If you use an encrypted cookie to figure out whether the user is an admin rather than using RoleManager in the server
· If you use an encrypted cookie to apply business logic in change/query interceptors
For a complete description of the vulnerability, please read Scottgu’s post on the subject:
http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
Andrew Conrad
WCF Data Services Development Lead
Microsoft Corp
-
Link
New to OData? Go to http://odata.org to learn the nuts and bolts of the protocol, see who is using it today, and learn the scenarios that drove the creation of the protocol.
-
Link
The WCF Data Services team is beginning to explore improvements and new features for our next release. As part of this process, it’s critical that we hear your feedback, as it helps us ensure that what we build actually meets your requirements in real-world scenarios. To enable this we’ve launched a new site that will allow you to interact more directly with the development team and provide input: http://dataservices.mswish.net .
The site’s pretty simple and self-explanatory – you can add a new feature request or vote for feature requests that are already there. We hope you’ll try it out and vote on the features you most want to see added. Finally, as features move from ideas into actual development we’ll post our thoughts and ideas to the team blog at http://blogs.msdn.com/astoriateam
-Mike Flasko
Lead Program Manager, Microsoft
-
0 VotesUpdate your network configuration to allow communication with existing Azure SQL Database gateways by 15 September 2020
I received an email from Azure re my SQL database to "update your network configuration to allow communication with existing Azure SQL Database gateways by 15 September 2020" and I'm not ...
-
0 Votes
Proper Cores/Executors Configuration in HD-Insight
I've the following Spark Cluster running in hd insight And for this cluster i've this ... -
0 Votes
Azure App Service
We are currently implementing the change in Project Online at Our Client and we have an issue we’ve never encountered before.Project Online events are handled by publicly available WCF services ... -
0 Votes
Issue with otlook web app exchange 2010
System.ArgumentException: This collection already contains an address with scheme https. There can be at most one address per scheme in this collection. Parameter name: ... -
0 Votes
WCF wildcard certificate issue
I had a WCF service working with a certificate bound to the name system.domain.com. The client configuration was: <identity> <dns ... -
0 Votes
Content type type 'application/soap+msbin1'.
Hi, I am calling WCF service from JQURY and i am getting error Cannot process the message because the content type 'application/json; ... -
1 Votes
413 Error in WCF Data Services - Request Entity Too Large
I am getting this error when I am trying to send a string of length 68000 characters to the service to insert into the DB. But on the context.savechanges() line, it is giving this ...Unanswered | 2 Replies | 3859 Views | Created by Preeti Nayak - Wednesday, July 17, 2013 3:09 AM | Last reply by s.roe - Tuesday, November 26, 2019 9:44 AM -
0 Votes
WCF Web Service - can't get an HTTP GET method
Thank you in advance to anyone who takes the time to review this issue - I realize WCF may be ancient history and this issue may have been rehashed a billion different times elsewhere but I can't ...Unanswered | 0 Replies | 867 Views | Created by AndrewB_at_PAC - Thursday, October 31, 2019 10:33 PM -
0 Votes
Getting error when adding a service reference to a WCF data service
Hi, I am a beginner learning C# from a book. I have created a simple WCF data service named NorthwindsWCFDataService successfully. I then created a simple console-based ... -
0 Votes
Multiple contracts in one WCF service_But error for calling the second contract "Multiple filters matched."
I have multiple contracts in one WCF: namespace SysLap.Services.Web.DataExtractor { [ServiceContract] public interface ... -
0 Votes
generate job to generate sprite thumbnail on azure media service with node.js
i generate this request to generate sprite thumbnail on azure media service with node.js This is request: var ... -
0 Votes
generate request to generate job that generate sprite thumbnail on azure media service
when i try to generate request to generate job that generate sprite thumbnail on azure media service the result is : : error { Error: read ... -
0 Votes
the method 'Any' is not supported when MaxProtocolVersion is less than '3.0'
I have recently upgraded my project from .NET Framework 4.5.1 to 4.7.2 and added a WCF service reference in the project. When I add service reference to .NET ... -
0 Votes
How to enable gzip compression in self-hosted WCF data service?
How to do it? I have found only IIS gzip support so far. Our WCF data services use SQL Server 2014/2016/2017Entity Framework ...Unanswered | 0 Replies | 1398 Views | Created by Marek Ištvánek, HaSaM - Monday, February 25, 2019 3:59 PM -
0 Votes
-
1 Votes
how to log json format of odata entity using c#?
I want to log the json format of odata (microsoft.dynamics.dataentities)entity using c#. I am using context.savechanges() method and during this time i want to save json format of ... -
2 Votes
How to dynamically generate service operations for a WCF Data Service
Is it possible to dynamically register service operations for a WCF Data Service, in a similar way that entities can be dynamically exposed via a custom IDataServiceMetadataProvider?Answered | 5 Replies | 4345 Views | Created by MTraudt - Sunday, May 27, 2012 6:42 PM | Last reply by Sergiy Bukharin - Thursday, November 22, 2018 2:44 PM -
0 Votes
Querying OData feed with an anonymous type returned
I've bene using the DataServiceCollection to query my OData service so far. However I now need to create an anonymous type in my query (from a join where one part of the join is coming from a local ...Answered | 2 Replies | 7097 Views | Created by Andrew Connell [MVP] - Thursday, December 16, 2010 12:20 PM | Last reply by Soundman333222 - Thursday, October 18, 2018 10:28 AM -
0 Votes
Trouble Decrypting Response from Java in WCF
Hello MSDN Community, I have become stuck, and would love and appreciate some assistance! I am creating a WCF service to connect to a clients system that is running Java. This ...Unanswered | 0 Replies | 1410 Views | Created by MSDNPublicProfile - Thursday, September 27, 2018 2:34 PM -
0 Votes
What If windows OS became a fortress ?
Windows OS is one of the widest used OS in the world because of flexibility. I Think Microsoft has achieved very much in that but now they have to move towards the Security and provides daily ...Discussion | 0 Replies | 1228 Views | Created by Sami Ahmad Sial - Thursday, September 27, 2018 11:22 AM - Items 1 to 20 of 3277 Next ›
WCF Data Services announcement
-
Link
-
Link
Over the weekend the ASP.NET team released a Microsoft Security Advisory about a security vulnerability found in ASP.NET:
http://www.microsoft.com/technet/security/advisory/2416728.mspx
The WCF Data Services team looked into the issue and don’t believe there is any additional exposure to the vulnerability beyond what is exposed by ASP.NET. However, if the WCF Data Service is hosted in ASP.NET, it is quite possible that the vulnerability is present. If any users use the ASP.Net encryption logic to hide sensitive information from the client and use that encrypted data to make decisions in the WCF Data Service, they can run into this issue. Below are few examples:
· If you use an encrypted cookie to make decisions to which database to connect in CreateDataSource method
· If you use an encrypted cookie to figure out whether the user is an admin rather than using RoleManager in the server
· If you use an encrypted cookie to apply business logic in change/query interceptors
For a complete description of the vulnerability, please read Scottgu’s post on the subject:
http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
Andrew Conrad
WCF Data Services Development Lead
Microsoft Corp
-
Link
New to OData? Go to http://odata.org to learn the nuts and bolts of the protocol, see who is using it today, and learn the scenarios that drove the creation of the protocol.
-
Link
The WCF Data Services team is beginning to explore improvements and new features for our next release. As part of this process, it’s critical that we hear your feedback, as it helps us ensure that what we build actually meets your requirements in real-world scenarios. To enable this we’ve launched a new site that will allow you to interact more directly with the development team and provide input: http://dataservices.mswish.net .
The site’s pretty simple and self-explanatory – you can add a new feature request or vote for feature requests that are already there. We hope you’ll try it out and vote on the features you most want to see added. Finally, as features move from ideas into actual development we’ll post our thoughts and ideas to the team blog at http://blogs.msdn.com/astoriateam
-Mike Flasko
Lead Program Manager, Microsoft
