WCF / ASMX :: How To Secure Web Service Hosted In IIS

Oct 16, 2010

I need advice on how to secure my WCF web service hosted in IIS. I am new to WCF and would appreciate any sample code, articles to help me restrict access to my WCF service.

I am in the process of testing and deploying a WCF service that will be available on the internet. I need to secure the web service so that only authorized clients can use the service. I need to be able to detect who the client is making the call to the service. The group I am building this service for wants to use Certificate authentication or IP address to Identify the themselves to call my web service. They do not want to use user name and password.

I have found several articles and code snippets for getting the IP address of the client and Certificate authentication. The problem I found using trying to get the IP address of the client is that since my web service his hosted behind a F5 or some type of reverse proxy I cannot get the true IP of the client. The IP that the web services get is the IP of the F5 or the reverse proxy.

For Certificate Authentication I followed the directions from the 9 simple steps to enable X.509 certificates on WCF located here

http://www.codeproject.com/KB/WCF/9StepsWCF.aspx?msg=3181718. I had a few problems using this setup for my web service. 1) To me it seemed like as long as the user presented a valid Certificate they would be able to call my web service.

2) Does Certificate Authentication work when the security mode is set to Transport? In my production environment only HTTPS traffic is allowed through. I setup a Certificate authention on my service following the steps outlined in the article. I used the SSL certificate assigned to my server for the web services. For the client outside the network the service is hosted on, I used one of the certificates I generated when i tested the code locally. I changed the authentication mode of the certificate to chain trust for both the client and the server. I was able to call the service and recieve a message. I thought that since my certificate was self generated using the makecert command that the web services would not authenticate the client for the service.

how I can secure my services to only allow a few approved clients to call call the service.

View 17 Replies


Similar Messages:

Secure IIS Hosted WCF Service For Access Via IE Hosted WinForms User Control

Feb 2, 2011

I have an ASP.Net site using Forms authentication. One of the aspx pages loads a WinForms user control hosted in IE. That control must connect with a WCF service located in the same ASP.Net web site.How can I make the WCF service secure? Currently I have set the WCF service to use AspNetCompatibilityRequirements mode but the user control hosted in IE can't connect to the WCF service as it isn't logged in.

View 1 Replies

WCF / ASMX :: How To Call Web Service Hosted In Window Service And Having End Point Over Tcp

Aug 4, 2010

i have created a normal web service and i want to host it outside IIS. one idea i got is to use window service as hosting environment. i have created a web service and hosted it window service and its window service is running now.would anybody please let me know that how can i call web service hosted in window service binded over soap.tcp. here is my sample code.

[Code]....
[Code]....

View 1 Replies

WCF / ASMX :: Trying To Access A Self Hosted Wcf Service?

Oct 3, 2010

I get this error when trying to access a self hosted wcf service...

[Code]....

Can someone explain what I need to do to get this to work, I do not have any cross domain policy file. And don't know how that is supposed to look like.

View 1 Replies

WCF / ASMX :: Call A Web Service Which Is Hosted In .net Framework?

Oct 11, 2010

I am trying to call a web service which is hosted in .net framework.

Here is my piece of code:

<%
function ValidateUser()
set objSoapClient = server.CreateObject("MSSOAP.SoapClient30")
objSoapClient.ClientProperty("ServerHTTPRequest") = True
Call objSoapClient.mssoapinit("http://10.13.222.240:81/megaservice/UserWS.asmx?WSDL","UserWS")
ValidateUser=objSoapClient.IsUser(2)
End function
%>

And i call the function as

<%
=CalculateDiscount
%>

It is giving error as

Server object error 'ASP 0177 : 800401f3'
Server.CreateObject Failed
/asp/index.asp, line 12
800401f3

i am working on .net and new on asp.I haven't worked on asp and it was pretty easy to call through visual studio in .net but can't do the same for asp

View 3 Replies

WCF / ASMX :: How To Create Secure Web Service

Jul 20, 2010

I am developing web service for my windows mobile application..! But the new requirement is the web service must be an secure..! for example : My web service name is [URL] Instead of that , client wants to [URL] How I create https web service..! I am using visual studio 2008. windows 7

View 1 Replies

WCF / ASMX :: How To Secure A WCF Web Service / Using Traditional "connection String In Web.configâ€

Aug 2, 2010

How do you secure a WCF web service when you are using the traditional "connection string in the web.config"?

I have added a WCF service to an application which uses a JQuery post and returns JSON. The request happens on the client side. The purpose of this service is to return search information while the person is typing text into a textbox.

It works well, but there is a problem because the application will be used by a number of people and I am maintaining a role based security within the applications MS SQL database. The connection string to the database is in the web.config file.

In order to run the JQuery call to the web service the user must have at least read access directly to the database. I want to allow the application to control the access, but removing all security to the WCF service opens the application up for external access by unauthorized users.

View 3 Replies

WCF / ASMX :: How To Access A Wcf Service Hosted On A Server Running On A Virtual Machine On A Windows 2008 R2 Hyperv

Jul 14, 2010

I am trying to access a wcf service hosted on a server running on a virtual machine on a windows 2008 R2 hyperv. When i access this service when running my asp.net website through code everything works fine how ever when i deploy the application on the local IIS , in the deployed mode i am getting an securityaccessdeined exception. My Asp.net app is running on a IIS server on another virtual machine. The stack trace is as given below :

Environment Info: My asp.net app has built on .NET 4.0 framework using VS2010. My WCF services are based on .NET2.0 framework.
Event code: 3005

Event message: An unhandled exception has occurred.

Event time: 14-07-2010 13:56:54

Event time (UTC): 14-07-2010 08:26:54

Event ID: dd1986e7e7dc4473beb908754c75a580

Event sequence: 4

Event occurrence: 1

Event detail code: 0

Application information:

Application domain: /LM/W3SVC/1/ROOT/StratosTest-1-129235696025728041

Trust level: Full

Application Virtual Path: /StratosTest

Application Path: C:inetpubwwwrootStratosTest

Machine name: MC-NEWCODE

Process information:

Process ID: 1752

Process name: w3wp.exe

Account name: IIS APPPOOLASP.NET v4.0 Classic

Exception information:

Exception type: SecurityAccessDeniedException

Exception message: Access is denied.

Server stack trace:

at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)

at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)

at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:

at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

at VMMService.IVirtualMachineManagementService.GetAllVirtualMachines()

at Default2.Page_Load(Object sender, EventArgs e)

at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)

at System.Web.UI.Control.LoadRecursive()

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Request information:

Request URL: http://localhost/StratosTest/Dashboard.aspx

Request path: /StratosTest/Dashboard.aspx

User host address: ::1

User:

Is authenticated: False

Authentication Type:

Thread account name: IIS APPPOOLASP.NET v4.0 Classic

Thread information:

Thread ID: 4

Thread account name: IIS APPPOOLASP.NET v4.0 Classic

Is impersonating: False

Stack trace: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

at VMMService.IVirtualMachineManagementService.GetAllVirtualMachines()

at Default2.Page_Load(Object sender, EventArgs e)

at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)

at System.Web.UI.Control.LoadRecursive()

at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Custom event details:

View 1 Replies

Not Able To Execute Web Service Function Remotely When Site Hosted Even Web Service Ip Addresss Is...

Jan 5, 2011

I have asp.net 2.0 site which is calling web services hosted on another server. When i have an xml file from where web service ip for eg. www.mysite/webservice1/myservice.asmx is given. When i call the same server from developer machine using local networkit works fine.But the same is when hosted remotely and from client end when services is called reading xml fiile from client machine it given a message 'remote server not connecting'.

View 1 Replies

WCF / ASMX :: Call Webservice Hosted On IIS From Javascript?

Jan 11, 2011

all My web app is calling webservice which resides in same virtuall directory as web app . In this scenario i have a javascript function like this which works perfectly.

[Code]....

View 2 Replies

C# - SecurityNegotiationException In WCF Service Hosted On IIS 6.0?

Jan 10, 2011

I have hosted a WCF service on IIS. The configuration file is as follows

[code]....

If I host the service on ASP .NET Dev server, it work well but if I host on IIS above mentioned error occurs.

View 6 Replies

How To Make Web Services Secure In C# Both The Asmx And On WCF

Jan 25, 2010

How to make web services secure in asp.net both the asmx and on WCF. Currently we have web services and now are in process of converting them to WCF in some modules in our application. Now as upgradation is in process we like to incorporate security on the web services as we intend to open some of them to all our clients via web (they contain both asmx and WCF as well).

View 1 Replies

Using Autofac For DI Into WCF Service Hosted In Web Application?

Jul 28, 2010

I'm having trouble injecting services dependencies into my WCF service using Autofac 1.4.5. I've read and followed the Autofac wiki page on WcfIntegration but my debugging shows me that my WCF service is created by the System.ServiceModel.Dispatcher.InstanceBehavior.GetInstance() method and not by the AutofacWebServiceHostFactory. What am I doing wrong?

I've set up my ajax.svc file to look like the one in the example for use with WebHttpBinding:

<%@ ServiceHost Language="C#" Debug="true"
Service="Generic.Frontend.Web.Ajax, Generic.Frontend.Web"
Factory="Autofac.Integration.Wcf.AutofacWebServiceHostFactory,
Autofac.Integration.Wcf" %>

My WCF service class Ajax is defined like this:

namespace Generic.Frontend.Web
{
[ServiceContract]
[AspNetCompatibilityRequirements(
RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class Ajax
{
public MapWebService MapWebService { get; set;}.....

The service already works fine but I can't get the Autofac bits (read: creation/injection) to work.

Removing the default constructor unfortunately leads to the following exception:

System.InvalidOperationException: The service type provided could not be loaded as a service because it does not have a default (parameter-less) constructor. To fix the problem, add a default constructor to the type, or pass an instance of the type to the host.

View 3 Replies

Automatic Initialization Of IIS-hosted WCF Service?

Dec 28, 2010

I have an ASP.NET web-site and a WCF service which is called from ASP. The problem is, that during the first client request the site loads aufully slow, cause some time-consuming static objects are being created inside the WCF service. Is it possible to call any service method (by doing this the wcf object will be created), when the site gets loaded in IIS? (I know there is a solution for this problem in ASP 4 and IIS 7.5, but i'd like to know what's about IIS6-7). It is something like "user emulation") Maybe i can add some event handlers in global.asax?

View 1 Replies

Security :: Can Use The Membership Provider Api On A Hosted Service

Oct 16, 2010

Can I use the membership provider api on a hosted service? I can create mssql databases but have no control over iis. Will I be able to use the membership admin webpage on the hosted service?

Am I correct in stating that the api uses ASPNETDB.MDF in the app_data folder as it's database?

View 2 Replies

How To Authorize Users On An WCF Service Hosted In A Website

Jan 29, 2010

I have a WCF service that runs in my web application that provides data to a Silverlight application and is defined as follows (with an appropriate .svc file)....

[ServiceContract(Namespace = "")]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class DispatchService [code]...

The idea is that the user logs into the website and is then authorised for all services. I do not want to have a login aspect to my Silverlight application to authenticate users.Therefore I dont want anyone to be able to call my service who is not authenticated.

Could I...Somehow determine this for each Operation Contract. I had a look inside the OperationContext object but couldnt find anthing that stood out as a way to determine who the user was.Somehow attribute the ServiceContract so that the method can only be used by authorised users?Put something in my web.config to stop unathorised users from being able to access the folder containing the services?

View 1 Replies

ADO.NET :: The Model Folder Is Not Being Published To Hosted Service?

Feb 19, 2011

I am working with this tutorial .[URL] In Visual Studio under the WCF REST program called .. TeamTask.Service is see the folding folders and files

[folder] Properties
[folder] References
[folder] AppData
[folder] Model
[file] Global.asax
[file] TeamService.cs
[file] Web.config

Then I use Build...Publish TeamTask.Service to move this up to my shared hosted server....it builds and publishes successfully

When I reset the client to my virtual directory on my domain...it opens and I get an error that I believe is because it can't find and records or tasks

When i look in the folder that was published to I find this:

[folder] AppData
[folder] bin this has a TeamTask.Service.ddl and TeamTask.Service.pdb
[file] Global.asax
[file] web.config

No folder for Model.

View 3 Replies

How To Get ComputerName Of The Webserver Where WCF Service Is Hosted Inside Application

Apr 9, 2010

I have an Asp.net web application which have one WCF hosted inside a .svc file

<%@ ServiceHost Language="C#" Debug="true" Service="MYNameSapce.BatchService" %>

this service is access by some desktop application which have referenced it.

In one of my WCf service method i have to access the path which i were able to get via

string filePathTemp = System.Web.Hosting.HostingEnvironment.ApplicationPhysicalPath + @"UploadFiles" + request.FileName;

Now in one of the method i wanted to get the computer Name of the server.

View 2 Replies

Security :: Share Certificate Between Website And Self-hosted Wcf Service

Feb 12, 2010

If I buy a CA certificate for the one site on the webserver, can I use the same certificate on a self-hosted wcf service.

The wcf service will use wsHttpBinding with username/password authentication.

View 2 Replies

AJAX :: Error While Calling Web Service Hosted In Java

Jun 29, 2010

When I am trying to call a service hosted in Java through .net I am encountering the below error

"WSE839: An HTTP response was received that used the following content type: text/xml; charset=utf-8. The following content type was expected: multipart/related; type=application/xop+xml."

I am using WSE 3.0 for configuring MTOM.

View 2 Replies

Security :: Passing User Credentials To WCV Service Hosted In IIS?

Mar 3, 2010

I'm running an ASP page that is using a WCF client to get some data. How can I set/pass the Network Credentials (of the user that performed the request, not the .net pool thread) on the WCF client so the WCF service will be able to perform impersonation using these credentials ?

View 1 Replies

How To Secure A Web Service Consumed With AJAX

Sep 23, 2010

When a web service is consumed from server side, the web service may be implemented in a way to check credentials of the caller. In the case of calling the web service from javascript, how to secure the service since no credentials can be passed into a javascript function becuase of the visibility in source view?

View 7 Replies

C# - How To Secure A Web Service That Has Forms Authentication

Jul 2, 2010

I have a webservice that's behind form's authentication. The site that hosts the service also serves as a site that requires a user to log in via the login page.I have a second site that needs to be able to access the service that the first site hosts. However, when attempting to access the service, it fails because the service requires that the user is logged in.

View 1 Replies

How To Secure Ajax Web Service Using Javascript

Jan 18, 2011

In my web site i'm using Asp.net web service (using javascript) to update certain values to DB. I'm concered about the security threats. How can i secure ASP.net Ajax web service using javascript

View 6 Replies

Calling Secure Web Service From Anonymous Website?

Feb 1, 2011

I have a web service that is set as secure via the web config:

<authentication mode="Windows" />
<authorization>
<allow roles="METWeb-Admin"/>
<deny users="*"/>
<allow users="METJoeUser;METJoeSmith"/>
</authorization>

And also in IIS 7 (Windows Server 2008) it has the following set for Authentication:

Anonymous Authentication:Disabled
ASP.NET Impersonation: Disabled
Basic Authentication Disabled
Forms Authentication: Disabled
Windows Authentication: Enabled

The anonymous site I am calling it from in IIS7 is:

Anonymous Authentication:Enabled
ASP.NET Impersonation: Disabled
Basic Authentication Disabled
Forms Authentication: Enabled
Windows Authentication: Disabled

In the Anonymous web site, I call the secure web service via:

moms.momService myMom = new moms.momService();
NetworkCredential netCred = new NetworkCredential(@"username", "password");
strStatus = myMom.createBackupDirectoryAndPrivs(sData);

Everytime I run this, it returns as Unauthorized. I have made sure this user is in the Web-Admin AD Group. I also tried adding the user as an Allow User but still unauthorized. I am pretty sure the problem lies somewhere in IIS but not sure what else to check.

BTW: For what it's worth, if I run the Anonymous site via VS2010 development on my dev box, and call the secure site using above code, it works fine. This is why I am thinking IIS on the PROD server.

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved