WCF / ASMX :: SSO Authentication Token And POX Interfaces
Jul 28, 2010
We have a SSO authentication service that other externally facing web pages and services use to authenticate users. A user tries to reach a service, if no cookie is found containing an authentication token, they are redirected (HTTP 302) to the SingleSignOn authentication service. The auth service does it's work, and redirects the user (HTTP 302) to the original URL with their encrypted authentication token in the URL. Great. How can I invoke this from a WCF POX service? No SOAP here, just HTTP GET/POST with XML responses.
What I'm currently doing is, in each service method implementation method, checking the headers for the cookie. If the cookie exists, verify the auth token and process the request. If the cookie doesn't exist or the auth token has expired, then respond with:
[Code]....
That works, but isn't integrated with any of the WCF features, and requires me to manually code for a whole bunch of scenarios. Is there a way I could implement this using these classes:
[Code]....
or use some other means that checks each request to the service? I've been reading pages like: How to: Create a Custom Token, but I don't see how it applies to my needs. I'm looking into this because I have some time before my project kicks off, and I'd like to implement this project correctly and learn about WCF as much as I can.
View 2 Replies
Similar Messages:
Oct 20, 2012
Can interface inherit othe class or more than one class? Can we create constructor of the interfaces?
View 1 Replies
Sep 15, 2010
I'm working on a solution to part of my companys site that is done in 2 different languages. My part of the project is in ASP.NET, and the login portal is in a different language. We pass authentication credentials by storing login information in the database on the portal page and then sending a corresponding token to the URL in the page written in .NET. Almost all the tutorials and articles I've read about security for ASP.NET, and most languages, the message has generally been "just use the built in stuff and don't mess with it".
I have code that takes the token, goes into the database and gets the user details.. what do I do then to integrate that into the built-in security stuff for ASP.NET? I'd like to ultimately use Action Filters for authorization on my controllers.
View 1 Replies
Jul 9, 2010
I have a build a new 3 tier application (Web,Application,Data tier). The application tier (middle tier) will host wcf web services. I build my service classes, define bindings , contracts etc which does the core business logic, data access and updates.
Now I have around 50 external clients who would want services from my application tier. But my problem is client A might send a flat file request, client B might sends a comma separated file request, client C might be a soap request. The requests further may be either real time or batch. My services may have to send data back to the caller either in a flat file.., xml or a soap response or other formats. The response might also be either batch or real time.
1)Is there a way to standardize the interface for all these 50 clients accessing my WCF services ?
2) If an external client sends a flat file via FTP (intended to serve as input to my service), how do I get this flat file data to hit my service. (Assuming that the legacy system is not service based and hence the external client just sends a file and is not aware of any services of the new system)
View 1 Replies
Oct 30, 2010
I have an asp.net site. Its a mixture of web forms and MVC2.
I have this on 2 different servers which I get to via different urls.
On one server authentication works fine via all browsers (IE 8, FF 3.6, Chrome)
On the other IE 8 fails, it doesn't send back the cookie on the request to the page after authenticating.
Using Fiddler I have seen that both sites attempt to set the cookie, in the response from the login page.
Response Header I see from both servers
Set-Cookie: DemandLaunch=CCA4...E79C2D1; path=/; HttpOnly
Both sites are in the internet zone of IE.
I'm at a loose for what to check now.
I also have a page that sets a cookie via c# code and that cookie fails in IE as well.
The IE issue is not on a single computer either. I see this failure on 4 different computers Internet Explorer.
My urls which I should have included were:
beta.[site].com - works
beta_[company].[site].com - fails
View 1 Replies
Mar 2, 2010
How to create Uniue Token with properties like expiration time,
Any standars method provided by Microsoft,
View 2 Replies
Feb 21, 2011
I'm trying to get a ASP.NET application to use windows authentication. I have disabled anonymous auth and enabled windows auth in IIS7. On my dev box (my workstation, localhost) I can use fiddler and see proper token is passed in through the header and I'm not prompted. Everything is working fine and I'm authenticated as my domain user.
However, on a remote server on our domain, with identical settings, I continually get prompted. We need it to automatically send the domain authentication for windows auth.
Does anything in IE need to be configured for this to happen for a remote machine on the same domain?
View 2 Replies
Apr 4, 2011
I have an existing asp.net mvc website that uses basic forms authentication. The site has a login page that posts back to a login action, which logs the user in via FormsAuthentication.SetAuthCookie(). I am looking to add an api to the site, as an mvc2 area, where users would be authenticated based on a token passed as an http header. This area will consist of only json actions, so redirecting the user to a login page doesn't make sense. Instead, I want the users to just pass a token along with each request. That token is mapped to each user account and the user would be authenticated automatically.
I'm struggling with where to put this logic. At this point, the best choice seems to be adding the header lookup logic and authentication to the Global.asax in the Application_AuthenticateRequest method. I want to avoid needing to redirect the user after calling FormsAuthentication.SetAuthCookie(), though. I want the login action to be transparent to them. Am I approaching this the wrong way? As a side note: Requiring a username/password for api requests is not possible, as the site has a mix of users. Some joined using OpenID while the rest joined with a username/password.
View 1 Replies
Jun 14, 2010
So I have an asp.net Web Application (Not Web Site) that I am trying to support profiles for anonymous users. I have a form and I want anonymous users to be able to enter their name and email only once, and have that information automatically accessible on the next load for them.
In my Web.config I have anonymous ID setup like so:
<anonymousIdentification enabled="true" cookieless="AutoDetect" />
I have my profile section setup like this:
<profile defaultProvider="SqlProvider" enabled="true" inherits="QA_Web_Tools.UserProfile">
<providers>
<clear />
<add connectionStringName="QAToolsConnectionString" name="SqlProvider"
type="System.Web.Profile.SqlProfileProvider" />
</providers>
</profile>
Finally, due to my app being a Web App and not a Web Site, I am using the profiles via this custom object:
public class UserProfile : ProfileBase
{
public static UserProfile GetUserProfile(string username)
{
return Create(username) as UserProfile;
}
public static UserProfile GetUserProfile()
{
return Create(Membership.GetUser().UserName) as UserProfile;
}
[SettingsAllowAnonymous(true)]
public string FullName
{
get { return base["FullName"] as string; }
set { base["FullName"] = value; }
}
[SettingsAllowAnonymous(true)]
public string BuildEmail
{
get { return base["BuildEmail"] as string; }
set { base["BuildEvmail"] = value; }
}
}
This code is based off of this reference. The issue is that that code does not support anonymous users, or if it does I don't know how. I can't use the GetUserProfile() method with no parameters because if the user is anonymous, Membership.GetUser() is null. I could pass in the anonymous ID token into the first GetUserProfile(string username) method but I cant' find any way to get the anonymous ID token for the current user. Does anyone know how to get this information? Google doesn't seem to be returning useful results.
View 1 Replies
Jul 16, 2010
In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages. How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?
View 1 Replies
Jan 21, 2011
I have a silverlight application and I want to provide windows authentication to the application through WCF.
View 1 Replies
Feb 10, 2011
how to publish a service with authentication
View 2 Replies
May 14, 2010
By default web service is enable for windows authentication. But if we want to expose our service to public domain, then I guess we have to use some specific credential for web service authentication. Can anyone tell me how to set those credential at service side and validate it for client and how the client will send those credentials?
View 1 Replies
Dec 30, 2010
We are gonna call web service with username and password. how to implement this on a web service client?
View 1 Replies
Oct 5, 2010
I have a WCF application set up to use UserName authentication through the built in MembershipProvider. When I call up a simple test function to see if the user is authenticated I get false. I've included as much info as I can.
The simple method in WCF:
[Code]....
Identity.Username and all that is blank as well.
This is the test code I'm using (from a test project):
[Code]....
And here are the relevant sections of web.config:
[Code]....
View 1 Replies
Nov 1, 2010
How to implement form authentication wcf service?
View 1 Replies
Sep 30, 2010
i call my project web service, previously there was no pre-authetication. Now i didn't work web service. My code is as follows:
[Code]....
View 5 Replies
Sep 15, 2010
I am using Kerberos as the Authentication mode for a WCF Client to interact with an ASMX Web Service. I am using customBinding in the WCF Client. I am getting the below mentioned Fault Exception when I invoke the HelloWorld Method by creating a Proxy using SVCUTIL.
`System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapException:
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.InvalidOperationException: WSE914: This instance of derived key token does not support encryption, decryption, or key wrapping. It can only be used to sign or verify signature. Please make sure that the length of the derived key matches the length of the key required by the symmetric encryption algorithm configured for the derived key token manager.
at Microsoft.Web.Services3.Security.Tokens.DerivedKeyToken.Psha1SymmetricKeyAlgorithm.get_EncryptionFormatter()
at Microsoft.Web.Services3.Security.EncryptedData.ResolveDecryptionKey(String algorithmUri, KeyInfo keyInfo)
at Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement encryptedElement)
I am badly struck with this exception and unable to progress further.
View 2 Replies
Feb 18, 2011
how to implement WCF username authentication with a custom validator in both client side and server side. I am trying this since last 2 days. but no result.
View 7 Replies
Jan 5, 2011
1. i am calling wsdl of api it is asking for username and password . I configured that and now i am able to see wsdl 2. i have an this API from my wcf application , first i have tried with WCF service application . i add the API as WEBrefrence and created code like that
localhost.WebServicesSessionSpringBeanService service= new localhost.WebServicesSessionSpringBeanService();
View 2 Replies
Mar 3, 2011
I have a production web application that uses <authentication mode="Windows"/> I have added an .asmx page with a method in it. I'd like to test making calls to it from a separate client web app. When I do this I get the error: The request failed with HTTP status 401: Access Denied What do I need to do in my client app to access this webservice?
View 2 Replies
Jan 12, 2011
I am having a scenario, where i need to decode ASP.NET FormsAuthentication Cookie in other language to accomplish Single Sign-On.
I am having a ASP.NET website, that also has WCF Authentication service. But I have just come know that even Java and PHP Application are also going to use my Authentication Gateway to authenticate user and so enable Single Sing-On.
I am done with the same in .NET application but to perform same in non-.NET techs, I need to decode FormsAuthentication Cookie of browser. FormsAuthentication Cookie are Encrypted so there must exist a algorithm that can decode it or a kind of dll that I can load in Java and read it.
View 1 Replies
Feb 9, 2011
I have just started building an asp.net web service with visual studio 2005. However whenever i try and run the site i get this message, saying "debugging failed because integrated windows authentication is not enabled". I am at a loss of how to correct this problem.
View 1 Replies
Aug 25, 2010
I have an XML web service where the authentication used is BASIC WINDOWS. Following is my client code to connect to the service.
[Code]....
Now, the issue is that the client is really authenticated only in the first attempt(First time I execute the code in VS). Further attempts succeed even if the code to assign credentials is commented or even after providing wrong user id/ password. I ensured that the server is hit each time(Just to make it clear that it not just because of client side caching).Is this the behavior of Basic authentication/credential cache. I would prefer the client be authenticated each time he hits the server.
View 2 Replies
Aug 16, 2010
One of our client uses squid proxy and tries to connect to our asmx web service(which is deployed on our server over internet) via our windows application. But windows application fails to connect to our web service and gives below error.."This method call needs the custom bla bla.. " Soap ExceptionProxy (squid) shows this error:127.0.0.1 - - [10/Aug/2010:14:35:55 +0300] "POST http://abc:83/service.asmx HTTP/1.1" 500 759 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.4927)" TCP_MISS DIRECTWe have used soap header security and we are also passing soap header credential while calling the service. Application runs well at our end but can anybody guid me, what could be the problem ?
View 4 Replies
