I am invoking a WCF web service (.NET 4.0) via jQuery $.ajax() from an ASP.NET page. How can I secure the WCF service such that only authenticated ASP.NET users can invoke the service's methods? Do I need to imperatively check the forms authentication cookie manually in each service method, or is there a more declarative approach?
View 1 RepliesI am writing two ASP.NET apps. One is a web service that provides xml data and the other is a web client that will use the service to display and manipulate data. I would like for the web service to do the membership authentication and authorization. Is there any way to simply point the login controls in my client application to the web service instead of to a database. I assume I would have to provide the necesarry methods in my web service interface, which would then use the membership provider database I created and pass the results back through to the client.
Is this possible? I have seen many articles on security provisioin from a web service but none has really been what I am looking for. I was hoping that, since my service and my client are both written in ASP.NET, there might be some built functionality that would benefit me.
I have a webservice that's behind form's authentication. The site that hosts the service also serves as a site that requires a user to log in via the login page.I have a second site that needs to be able to access the service that the first site hosts. However, when attempting to access the service, it fails because the service requires that the user is logged in.
View 1 RepliesWe've got some WCF services we're hosting via IIS. The application in general uses Forms Authentication, and we'd like to continue making that available for web service clients. We just have a <authorization><deny users="?"> in our web.config and some authentication/redirection goodness that gets everything done.
The problem is we'd like for users to be able to access the metadata for the services without authentication. Can they visit /services/v1/ArtifactService.svc?wsdl anonymously and yet still require authentication for /services/v1/ArtifactService.svc/rest/GetArtifacts?studyId=123? If so, I can't figure out the right incantation in the configuration.
The best I can think of is to set an absolute URL in the metadata service behavior, but then I have to doctor the path on install anywhere we deploy. (<serviceMetadata httpGetEnabled="true" httpGetUrl=[URL]
i have one web service how can i give access to that web service to many user(with secure method). Now i am checking url and only doing for one site. So what should i do.
View 1 RepliesI am new to Web services and .NET. I have to authenticate a web service that is being accessed using http post. I tried putting a custom soap header and sending it to the service and checking the header in service but the header object is always null in the service.also if i put the user and password options in http headers how can i validate them on the server ? Client code:
private void button1_Click(object sender, EventArgs e)
{
HttpWebRequest request;
[code]...
how to publish a service with authentication
View 2 RepliesI have created a WCF service that will serve as authentication service for Silverlight client.The problem is that when I make a call to FormsAuthentication.SetAuthCookie in the Login method below, I get a null reference exception. I am following the 'Securing Applications Built on Silverlight and WCF' (http://www.componentart.com/community/blogs/milos/archive/2009/05/07/securing-applications-built-on-silverlight-and-wcf.aspx)
[Code]....
I want to create a web service that can authenticate user from my application. I will be sending user name and password from my app to the web service and that will deny or accept the user. I want to use form authentication using sql server. that this web service can be used by other team in my office so that they can just call the web service and the user will be authenticated.
Also, is it possible to use both form and windows authentication in my web service and authenticate the user both ways.
I am using .NET roles and membership model to manage user accounts in my system back-end.
If the request is come from within my web-app, I can authenticate through form.
But if the user is requesting from else where, maybe their own apps, how to I do authentication?
attach username and password (GET/POST) and then secure the line by SSL? is that what I should do?
By default web service is enable for windows authentication. But if we want to expose our service to public domain, then I guess we have to use some specific credential for web service authentication. Can anyone tell me how to set those credential at service side and validate it for client and how the client will send those credentials?
View 1 RepliesWe are gonna call web service with username and password. how to implement this on a web service client?
View 1 RepliesI have a web page that calls a WCF service that makes a sql database call using Integrated Security. I get an error saying, "Login failed for user 'CorpDomainServerName01$'". I want it so that it all layers will execute under the user's AD credetials (working in an intranet), ie: "CorpDomainAlbert". On the server (Win 2008/IIS 7), I have Windows Authentication turned on and everything else off (including Anonymous) under Authentication for both the web client and the WCF service. Here's my client web.config:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Windows"/>
<identity impersonate="true"/>
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IMyService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<!--<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />...........................
I have a WCF service hosted on an external server (other domain) and I'm trying to consume it from a command line application. I receive the following error:
The request for security token could not be satisfied because authentication failed.
The service is configured inside a web.config file:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBinding_IRun">
[Code]....
On the client side, I create a custom binding to connect to the service. Here is the security configuration:
standardBinding.Security.Mode = SecurityMode.None;
standardBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
standardBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
standardBinding.Security.Transport.Realm = "";
standardBinding.Security.Message.ClientCredentialType = MessageCredentialType.None;
standardBinding.Security.Message.NegotiateServiceCredential = false;
standardBinding.Security.Message.EstablishSecurityContext = false;
standardBinding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Default;
I'm not using any security mechanism for authentification but still, the service seems to be expecting one. When working on different domains, is it mandatory to use a basic authentification?
EDIT: I wasn't referencing any binding configuration at my endpoint. Once the reference was set, I received another message error:
{"The message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue' cannot be processed at the receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the receiver. Check that sender and receiver have the same contract and the same binding (including security requirements, e.g. Message, Transport, None)."}
The issue was caused by my client's binding. While I was creating my custom binding using the standard 'WSHttpBinding', the 'SecurityMode' property was set to 'Message' instead of 'None'. Now the code looks like the following and the service finally works:
WSHttpBinding standardBinding = new WSHttpBinding(SecurityMode.None, false);
CustomBinding myCustomBinding = new CustomBinding(standardBinding);
I am authenticating my ASP.Net application through Active Directory(Microsoft ADFS Proxy). Now I want to move this authentication to WCF service so that authentication will b done there and later on this service will b flexible. Let me know how to proceed for this and what are the binding types required for this
View 2 RepliesI have been making use of the WCF Authentication Service in ASP.Net but I have found that whenever you navigate all session, user, login data is lost.I have tested using the Standard ASP.Net Login page and mechanism and everything works fine.Why is nothing persisting from one page to another?
View 1 RepliesI have a web service within my application (app A) writing to an oracle database (database resides on a different server). when i call the web service from another application (app B), it fails to write to the database. when the web service is called from app A, it successfully writes to the database.
I guess this issue has to do with authentication/impersonation of ASP.NET. both applications (A & B ) are subsites within the same website in IIS and both uses windows authentication (intranet applications). I dont have access to the server and IIS.
How to implement form authentication wcf service?
View 1 Repliesi call my project web service, previously there was no pre-authetication. Now i didn't work web service. My code is as follows:
[Code]....
how to implement window based authentication for web service
View 1 RepliesI am looking for a code which does authentication using service account username and password. I mean username and password which has permission to access the active directory and then authenticate the actual username and password provided by end-user. Googled everywhere but could not find any suitable code.
View 1 Replies1. i am calling wsdl of api it is asking for username and password . I configured that and now i am able to see wsdl 2. i have an this API from my wcf application , first i have tried with WCF service application . i add the API as WEBrefrence and created code like that
localhost.WebServicesSessionSpringBeanService service= new localhost.WebServicesSessionSpringBeanService();
I have installed a web service in a client machine, its accessing a mapped network drive from a remote machine. But when its trying to read files from that file I'm getting this error
Code:
Message:
Authentication failed
Description:
QBWC1012: Authentication failed due to following error message.
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.IO.IOException: Logon failure: unknown user name or bad password.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)
at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
at System.IO.Directory.GetFiles(String path, String searchPattern)
at WCWebService.WCWebService.authenticate(String strUserName, String strPassword) in C:inetpubwwwrootinvoicecreatews codeinvoicecreatewsWCWebService.asmx.cs:line 463
--- End of inner exception stack trace --- See QWCLog for more details. Remember to turn logging on.
I have supplied user crendentials also, the same web service working in another machine with the same mapped drive with the same user credentials. Manually I can map the drive using the credentials which I'm passing thru the application.
I have a SqlMembershipProvider store with Roles enabled. This is configured and has the user "devtest" in the roles "xxUser" and "xxAdmin".
I also have a WCF service, which I want to authenticate and authorize against. My problem is that:
the authorisation is not happening, code just executes despite the policy attribute I don't get any identity or security context so do not know who is calling the service I need: to know which user is calling the
method some degree of rejecting users if permissions don't match (ideally this should be performed
within the RoleProvider/MembershipProvider/WCF but can do it myself if I have to) SSL in transport
I have my service contract set up thus:
[ServiceContract]
public interface ISupportService
{
[OperationContract]
[PrincipalPermission(SecurityAction.Demand, Role = "ThisRoleDoesNotExist")]
List<BaseInterestRate> GetAllBaseInterestRates();
}
the code is simple enough:
public class SupportService : ISupportService
{
public List<BaseInterestRate> GetAllBaseInterestRates()
{
OperationContext operationContext = OperationContext.Current;
ServiceSecurityContext serviceSecurityContext = ServiceSecurityContext.Current; // is always null
using (xxxEntities entities = new xxxEntities())
{
return new List<BaseInterestRate>(entities.BaseInterestRates);
}
}}
My service configuration is thus:
-->
<behaviors>
<serviceBehaviors>
<behavior name="SupportServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="AspNetSqlRoleProvider" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="SqlMembershipProvider" />
</serviceCredentials>
</behavior>
<behavior>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
Having already configured the MembershipProvider:
<membership defaultProvider="SqlMembershipProvider" >
<providers>
<clear/>
<add name="SqlMembershipProvider"
connectionStringName="SqlMembershipProvider"
applicationName="xxx"
type="System.Web.Security.SqlMembershipProvider" />
</providers>
</membership>
<roleManager enabled="true">
<providers>
<clear />
<add connectionStringName="SqlMembershipProvider" applicationName="xxx"
name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
<add applicationName="xxx" name="AspNetWindowsTokenRoleProvider
type="System.Web.Security.WindowsTokenRoleProvider" />
</providers>
</roleManager>
I have followed the instructions at these pages to the letter:
How to: Use the SQL Server Role Provider with Windows Authentication in WCF Calling from Windows Forms (MSDN)
How to: Create and Install Temporary Client Certificates in WCF During Development (MSDN)
How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredentials in WCF Calling from Windows Forms (MSDN)
Also quite useful found via SO: Use Asp.Net Membership provider with a WCF .svc service (Alkampfer's Place)
I would at lest expect an issue with certificates/transport/etc. to fail with exceptions, but I can debug right in and over the WCF call. I have no security context/ user context available to me and when I use a user not in the two mentioned roles (which I do in the code example above), I don't get "kicked out".
My client app is currently a Web App, but will ultimately also serve a Windows Forms app and Test suite. I'm currently using the ASP.NET WebDev server and am running .NET 4.0.
Am I missing something?
I have just started building an asp.net web service with visual studio 2005. However whenever i try and run the site i get this message, saying "debugging failed because integrated windows authentication is not enabled". I am at a loss of how to correct this problem.
View 1 Replies