WCF / ASMX :: Web Services: To Authenticate Sign Client Assembly?
Jul 21, 2010
I have an application that exposes a number of ASP.NET web services at an internet location. For security reasons, I want to be able to authenticate clients, and reject any that are not authorised. The authorised clients in question will be ASP.NET web applications, but I do not have guaranteed access to their IIS configuration, nor to their local certificate stores, therefore the solution must not involve any of these items.
However, authorised clients will always make calls to the web services using wrapper methods provided by an assembly that I do have control over. My idea is to digitally sign that assembly, and use that signature as the basis for authenticating the client. For that to work, the assembly will need to be able to construct an X509Certificate object from itself, and to attach it to the call to the web service:
X509Certificate cert = X509Certificate.CreateFromSignedFile(Assembly.GetExecutingAssembly().Location);
_webService.ClientCertificates.Add(cert);
Then the web service must be able to compare the incoming request certificate to its own signing certificate to authenticate the client:
X509Certificate requestCert = new X509Certificate(Context.Request.ClientCertificate.Certificate);
X509Certificate signingCert = X509Certificate.CreateFromSignedFile(Assembly.GetExecutingAssembly().Location);
[code]...
The documentation for the method doesn't help much, other than remarking that ASN.1 DER is the only certificate format supported by the method. if I am signing the assembly incorrectly, misunderstanding the method itself etc.? Or more generally if the approach I am taking will work or is flawed?
View 1 Replies
Similar Messages:
Mar 21, 2010
I have a fairly complex business application written in ASP.NET that is deployed on a hosted server. The site uses Forms Authentication, and there are about a dozen different roles defined. Employees and customers are both users of the application.
Now I have the requirement to develop a Windows Mobile client for the application that allows a very specialized set of tasks to be performed from a device, as opposed to a browser on a laptop. The client wants to increase productivity with this measure. Only employees will use this application.
I feel that it would make sense to re-use the security infrastructure that is already in place. The client does not need offline capability.
My thought is to deploy a set of web services to a folder of the existing site that only the new role "web service" has access to, and to use Forms Authentication (from a Windows Mobile 5/.Net 3.5 client).
I did see this question and I am aware of the limitations that Forms Authentication poses. Since security is not my primary motivator (I use SSL and can restrict access by IP address), but rather using existing user accounts and roles, my decision tree is somewhat different as well.
View 1 Replies
Sep 21, 2010
We currently have the code in WCF to sign the outgoing client requests' SOAP Body, however we need the same code for use with WSE 3.0. I can't find any examples of this.
View 3 Replies
Mar 31, 2010
What is the use of XSD when providing web services to the client?
How does Visual Studio provide XSD?
What will be the situation where we need to develop XSD manually instead of using Visual Studio?
Suppose I have created web services for an Add method.
How will the XSD be?
View 1 Replies
Dec 22, 2010
How can we authenticate a user in web services? I want only a user with a valid ID and password to be able to consume my web service.
I am using .NET Framework 2.0.
View 1 Replies
Jun 29, 2010
I have an ASP.NET application that is using Single Sign-On using Active Directory Federation Services.
When the user first logs into the application, once they are "authenticated", their credentials remain active while their web browser is open.
Now, I want the "authentication" to "timeout" in 60 minutes. This way if they browse to another page after 60 minutes, they are prompted to "re-enter" their credentials again.
I know that in FormsAuthentication, you can "de-authenticate" someone by calling "FormsAuthentication.SignOut();" in the Session_End Event in Global.asax.
Is there anything like that for ADFS?
View 1 Replies
Apr 1, 2011
What is the best way of authenticating web methods in a web service? Is it right to have authentication for every web method and verify the user name and password for each web method? Is there a way to authenticate just once, not for every web method? Something like using sessions, etc.?
View 2 Replies
Nov 17, 2010
I have a webservice that returns: <Index>test</Index> When it gets returned to a page & I view the source, it displays it as: &lt;Index&gt;test&lt;/Index&gt; Is there a way I can send the element in its original form? I want to process the xml once it hits the page (actually flash will be interpreting the xml).
View 3 Replies
Jun 25, 2010
I have hosted a secure WCF service on cloud with a certificate created by makecert.
Now I want to restrict the access to the service by allowing only those clients who have the certificate generated by me.
What is the best approach to implement this?
* Shall I go with the changes in the configuration file?
* Or shall I write the code to validate this in the service?
* Is there any other alternative?
View 1 Replies
Jul 26, 2010
I need to send an X.509 client certificate to a web service in a byte array (not attached to the request). Besides the certificate, the caller will also send data and signed data. From the web service I can verify if the signature is ok but I don't know what is required to verify that the certificate is ok. I have the client certificate issuer CA trusted in Server (where the web service runs).
More specifically, how can I verify if an X.509 certificate itself is valid? I need to do it in the web service, not from IIS.
View 4 Replies
Dec 20, 2010
In my application, the client must sign (using a certificate) and send data to the server. My doubt is how should I do it?
To sign on the client side, I should use ActiveX, right? My problem is that Firefox doesn't support it.
Signing on the server side I have two options:
* Save the private key on the server and use it when necessary (if the data is modified during the transaction it will sign false data)
* Send the private key when necessary (may compromise the key)
Despite using SSL, I'm not very comfortable with any of the two options for signing on the server side...
View 1 Replies
Jul 19, 2010
I generated a private key like: keytool -genkey -alias mview -keypass mviewpass -keystore /keystore
then exported it in the form of a certificate file as: -export -alias mview -keystore /home/d261733/keytool_keys/keystore -rfc -file testcert.cer This gives me two files sitting in c:
1) testcert.cer (which is the certificate)
2) keystore (which is private key)
Now I want to sign an XML SOAP request like below in C# in .NET
[Code]....
View 1 Replies
Nov 8, 2010
A customer reported that our asmx web service is continually increasing in memory (mem usage as well as private bytes). We are able to reproduce the problem in our lab with Windows 2003 Server SP2 (fully patched) on some of the machines. The customer is using Windows 2008.
We created a Hello World web service targeting the 2.0 framework built under VS2005 SP1 and a test client that continues to call it. The memory increases steadily - approximately 40K per client request. If the test app is paused, the memory remains the same. When it is closed, the memory drops. Explicit calling of GC.Collect does not drop the memory.
We have run the memory profiler on the service and the leak is all native memory. We have uninstalled/re-installed the Framework on one of the machines but no difference. To our knowledge all of the security and IIS settings are not modified. We have compared app pool, default web site and virtual directory properties to machines that have no problem and they are identical.
View 11 Replies
Jul 17, 2010
I want to know how to use web services in an ASP.NET project.
View 2 Replies
May 24, 2012
What are web services? How can I transfer the data from server to client and client to server using XML? Need one simple example program (C# web application) ...
View 1 Replies
Jul 28, 2010
I need a book or two to get a good understanding of web services, starting from the very basics, and going up to WCF. I've been using C# for 2 years and have an intermediate level of experience with the language.
View 1 Replies
Sep 21, 2010
Using ASP.NET 3.5 /C# / VS 2008.
I have written some web services that I want to make available to others by subscription. The subscribers need to use the service from a specific domain / IP address and also authenticate with a user Id and password.
What exactly should I distribute to the subscriber so they can use the services, while exposing the least about my code? How can I authenticate a consumer of services without always passing an ID / password for each service?
View 3 Replies
Feb 8, 2011
I learned from the internet that web services can be invoked only by HTTP whereas WCF can be invoked by HTTP, TCP, etc. Can I know the difference between them?
View 4 Replies
Aug 6, 2010
These days I see that every other job posting requires LINQ and WCF. I have spent a lot of time on LINQ, it was fun to learn.
Now I want to move on to Web Services and WCF. After googling for some time, I am not sure whether to go for web services or WCF.
View 2 Replies
Mar 2, 2011
I've created Web Services in .NET 3.5 & consumed those Web Services in a client web application. Now I want to host the Web Service in IIS 5.1. I'm very new to .NET. I'm using VS 2010, Windows XP Service Pack 3, IIS 5.1.
View 15 Replies
May 5, 2010
I have a WCF data service that talks to a Silverlight client and a WCF service library that talks to a chat client. How can I get the two services to talk to each other?
View 3 Replies
Mar 18, 2011
From my following code snippet:
ExchangeServiceBinding binding = new ExchangeServiceBinding();
binding.Credentials = new NetworkCredential(username, password);
binding.Url = "http://servername/ews/exchange.asmx";
The above web service throws an Unauthorized Access Error (Error: 401) for newly created users. I would like to know how to impersonate this user for accessing this Exchange web service.
View 1 Replies
May 12, 2010
What is End Point URL in Web Services?
View 1 Replies
Jul 7, 2010
Microsoft Dynamics GP is installed on my system. Can I access GP web services? If I can, how is it possible?
View 1 Replies
Dec 25, 2010
Why do web services not support DataReader? Please explain it, it's urgent.
View 3 Replies