We are working with a vendor to develop a mobile app and plan on using WCF services to handle operations. What are some types of authentication I can use with a WCF service? Would we send a user name and password through the SOAP header? How can we accomplish this securely?
Also, this will be authenticated against our .NET membership database using the Membership classes.
I have a SqlMembershipProvider store with Roles enabled. This is configured and has the user "devtest" in the roles "xxUser" and "xxAdmin".
I also have a WCF service, which I want to authenticate and authorize against. My problem is that:
the authorisation is not happening, code just executes despite the policy attribute I don't get any identity or security context so do not know who is calling the service I need: to know which user is calling the
method some degree of rejecting users if permissions don't match (ideally this should be performed
within the RoleProvider/MembershipProvider/WCF but can do it myself if I have to) SSL in transport
I have my service contract set up thus:
[ServiceContract]
public interface ISupportService
{
[OperationContract]
[PrincipalPermission(SecurityAction.Demand, Role = "ThisRoleDoesNotExist")]
List<BaseInterestRate> GetAllBaseInterestRates();
}
the code is simple enough:
public class SupportService : ISupportService
{
public List<BaseInterestRate> GetAllBaseInterestRates()
{
OperationContext operationContext = OperationContext.Current;
ServiceSecurityContext serviceSecurityContext = ServiceSecurityContext.Current; // is always null
using (xxxEntities entities = new xxxEntities())
{
return new List<BaseInterestRate>(entities.BaseInterestRates);
}
}}
My service configuration is thus:
-->
<behaviors>
<serviceBehaviors>
<behavior name="SupportServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="SqlMembershipProvider" />
</serviceCredentials>
</behavior>
<behavior>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
Having already configured the MembershipProvider:
<membership defaultProvider="SqlMembershipProvider" >
<providers>
<clear/>
<add name="SqlMembershipProvider"
connectionStringName="SqlMembershipProvider"
applicationName="xxx"
type="System.Web.Security.SqlMembershipProvider" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="SqlMembershipProvider" applicationName="xxx"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="xxx" name="AspNetWindowsTokenRoleProvider
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
I have followed the instructions at these pages to the letter:
How to: Use the SQL Server Role Provider with Windows Authentication in WCF Calling from Windows Forms (MSDN)
How to: Create and Install Temporary Client Certificates in WCF During Development (MSDN)
How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms (MSDN)
Also quite useful found via SO: Use Asp.Net Membership provider with a WCF .svc service (Alkampfer's Place)
I would at lest expect an issue with certificates/transport/etc. to fail with exceptions, but I can debug right in and over the WCF call. I have no security context/ user context available to me and when I use a user not in the two mentioned roles (which I do in the code example above), I don't get "kicked out".
My client app is currently a Web App, but will ultimately also serve a Windows Forms app and Test suite. I'm currently using the ASP.NET WebDev server and am running .NET 4.0.
Am I missing something?
I have created an android app, that registering to google c2dm service. And It's getting a registration_id token from c2dm services successfully. I already signed Android Cloud to Device Messaging form and I received confirmation email from c2dm service.Everything seems ok in client side, it's getting registration_id in simulator environment. So, it's ok. But, On server side, It's authenticating google service, it's receiving Auth code then it's invoking to c2dm send url with below code.
public void SendMessage(string registrationId, string data)
{
ServicePointManager.ServerCertificateValidationCallback += delegate(
[code]...
I am creating a website with a secure login, here I have users who register for my web site with their Credentials. When the user finishes the registration process & logs in to his/her account, there is a button called activate. Unless they click the activate button, they can't progress. Upon clicking the button, an activation code is sent to the mobile no(as a sms), which the user has given during registration.. I am using net framework 3.5, asp.net,C# and SQL Server 2005, I am doing this with web service, I have got my web service, but its not that accurate.. here i am using web service from .. [URL] .. here i want to know how to send sms in asp.net using web service?
View 1 RepliesI'm new to developing mobile apps and have hit a brick wall. I use Web Services all the time so I know I have created it correctly and it works. The issue is that i cant seem to add it to my class or form in the Smart Device Project.
When I right click I get the option to add Web Reference, I then navigate to the url and add as I normally would. When I then try to access the service I cant seem to navigat to it from code and it is not available. I have also tried adding a Web Service directly by 'Add New Item, but this file type is not available in the list of installed templates.
I am trying to start a new mobile web application project but cannot find the mobile page template originally available on VS 2005, nor can I get the mobile web controls to display in the toolbox even though I have then all selected in the tool-> select toolbox items why? and what can I do?
View 1 RepliesI am developing a web based application for a Motorolla Mc 9090, it is a wireless barcode scanner running windows mobile 5.0.
The idea is to centralize the inventory in one database, by scanning items, serials, bins etc.
I have a set of pages each containg forms, where the user will have to scan an item, and automaticall the scanner has a carriege return (ENTER key) the idea was to have the user simply scan, and the page would automatically click the button posting to server for processing and then the server would reply.
For some reason i cannot get the focus() to work as well as the defaultbutton propperty of the form. There is also 1 more problem, the readOnly textboxes look the same as the non readOnly textboxes, even with the backcolor property changed.(guessing this is just MS)
I have an assignment to develop a mobile application for My company's customers (around 250000). its could be download from our website or we can also provide to our customers those are visiting our branches, on their demand.Requirments:
View 5 RepliesI'm developing a office site but i wnt to include popup in tht but all mobile is not support fully to javascript & jquery . ........
View 1 Repliesi want to develop an asp.net mobile web application whith Ajax features. i dont khnow whether these technologies are supported in mobile developpement?
what stups should i follow to make such project ( IDE + SDK....) . finally what are free windows mobile emulator ( except Microsoft ones)?
How to get current location of mobile using any mobileno.It is possible using Asp.net?
View 1 RepliesI am developing a mobile application that requires text entry in a mobile:textbox component. I want it to only accept numeric and "#*". when I press the "1" key on my mobile phone it should enter a "1", not "a", "b", "c", etc.
View 29 RepliesI have developed one website in asp.net and now I want to open the same website in mobile devices.now i want to develop that for mobile users. I tried with .net mobile controls but it is not full filling my requirements. In the web page if combine the .net mobile controls with Asp.net controls Is it give any problem in the browser (at the time of rendering the controls in browser) in any of the devices like Nokia, iphone, BB. If use html controls in application
View 19 Repliesi am going to start first mobile application.Already Vs 2008 installed, but no Mobile SDK.So please tell which SDK i have to install to start up my first mobile application?Or some VS 2008 plugin requires for Mobile application
View 3 RepliesI have a java app with a .net application running in the java applications embedded browser.
I want the java application to call a .net WCF or web service with a username and password.
The wcf will set the user to authorized in forms authentication.
In the java desktop application I will then load a .aspx page that was protected via forms authentication.
How can I accomplish this? Is it even possible...?
I have an ASP.NET 3.5 Web Application using the Default membership provide provided by .NET - I have created a login page and create user page, etc. etc... The problem is, if you're on the site and you are authenticated, and then you go to a link on the same authenticated folder (Called MemberPages) but you go to a SSL location, it asks you to enter your username and password again! Is there anyway to fix this bug.HomePage -> Login.aspx -> Enter your username and password -> Access MemberPages/Default.aspx -> Then a link called Purchase a Product -> suppose to take you to[URL]
View 1 RepliesDoes anyone have an example of authenticating through a webservice ?I have a website that allows users to login in using the <asp:Login> control.After they are authenticated I want them to use a webservice to add records, modify records. (The web service will be used later by external sites).I have a webservice up and running which the aspx page "authenticates" to using Profile.UserName.Is there a way to get the aspx page to send the username and password used at log on without having the user enter it each time ?And then how do I authenticate them ? (maybe using Membership.ValidateUser ?)
View 1 RepliesI've noticed that it is possible SQL Server 2005/2008 to authenticate replication accounts using certificates. Is it possible to authenticate .NET SqlConnection in the same manor?
Ideally, I'd like to do away with password authentication completely and have the aspnet user connect using a certificate stored against its account.
I have a website that requires a login. I'm used the login wizard in asp.net 2008. The site is in vesion 2.0 as that is what the hosting company allows. The login scipt apprears to work appropriately in that if the the wrong username or password is entered the error appears and the url for the login page doesn't work. Once the correct identification info is entered, the user is taken to the correct url.
The problem is that the username does not seem to "stick" for lack of a better word. The site is used to order wedding photos. The user selects the photos and all the required date EXCEPT the user name is entered into the database. This is a problem since there is no way to filter the order when the person goes to the shopping cart therefore the shopping cart opens with no product in it. To make matters more frustrating, IT USED TO WORK! I don't understand why its not working now.
The hosting company, 1and1.com has looked over the code and can't find anything wrong with it. Their one suggestion was to add the following "patch" code to the web.config file as a "work around", and if that didn't work to try using vwd 2010. I'm hesitant to do that since I've not used it before and don't want to make matters worse.
I'm including my web.config page as well as a sample of the code behind to see
[Code]....
I used your url...to read mail and I downloaded your project when I run project I filled my gmail credential : smtp.gmail.com, uid, password and port=995 and checked SSL but I gor error.You cannot get the message count without authenticating yourself towards the server first.
View 1 Repliesi m creating asp.net Mobile website page to download symbian .sis file to mobile ,but its not geting download properly.its working perfectly on desktop.
View 2 RepliesNeed to learn mobile development for web applications( .net 2.0).
View 3 Repliestrying to create a stored procedure to authenticate users, if users are authenticated their data like userid, first name, etc are returned in a cursor. However, if users are not authenticated an error is returned or something that indicates users were not authenticated.
But I don't know how to do this in a stored procedure.
I have a main website say www.main.com which is developed in asp.net. We have used forms authetications here.
Now the thing is I have a no of subdomains on the same server say domain1.main.com, domain2.main.com, domain3.main.com etc.
I had put some functionality there. What i want is when i redirect my users to the subdomains user has to log in again.
what are the method where i can preserve the users state in my subdomains also.
I have a asp.net (3.5) web-app that will be used in an intranet. I need to enforce that users type in their network credentials (windows credentials) before they can log into this application. I intentionally need to disallow Integrated Windows Authentication. I need to authenticate these users against my company's Active Directory, that is obviously on the same network as my .net web app.
I have been reading a bit about Forms Authentication using ActiveDirectoryMembershipProvider - [URL]. I also stumbled upon this - [URL]. Based on what I can tell, both seem to do what I need to get done. Could somebody tell me what are the major differences, pros/cons and when you would use which method? Or are these exactly identical, and both achieve the exact same results?
From the security perspective...what do I need to watch for? I am assuming if I use SSL that will cover me for when I pass the username/pwd to AD for verification?