Message level security - the default one
-the message is encrypted from end to end
Transport level security
-the communication channel is encrypted using SSL over HTTP (HTTPS)
TransportWithMessageCredential
-it's a variation of the other two types. It provides both channel and message encryption. For HTTP, the mechanism is Secure Sockets Layer (SSL) over HTTP (HTTPS); for TCP, it is SSL over TCP or Windows.
Here is a good article about securing services.
I will now make a few step-by-step demos of combined security and authentication practices in WCF.
The first one uses Basic Authentication in WCF with the TransportCredentialOnly security mode. Note that it does not provide message integrity or confidentiality. Basic authentication works well in scenarios where you want to provide access to some people inside a company, for example.
In the first part we will create the service with the needed configuration and host it on IIS. Next, we will create a basic (Console) client to consume our service.
Part I - Creating the service
Step 1. Create a new WCF Service Application
I named mine "WcfBasic".
Step 2. Create a binding
I chose to create a basic HTTP binding, nothing very special. Here is the element.
<basicHttpBinding>
  <binding name="SecurityBinding">
    <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Basic"></transport>
    </security>
  </binding>
</basicHttpBinding>
Now we have to put this element in the configuration file inside the <bindings> element.
Note: if you don't have a <bindings> element, just create it.
Step 3. Add the service and endpoint elements
You must add the following element in the <services> tag in the configuration file. If there is no <services> element, just create one.
<services>
  <service name="WcfSecurity.SecurityService">
    <endpoint address=""
              binding="basicHttpBinding" bindingConfiguration="SecurityBinding"
              name="BasicHttpEndpoint" contract="WcfSecurity.ISecurityService">
    </endpoint>
  </service>
</services>
Now save the changes, build your project and let's try to open it in a browser.
Right click on Service1.svc -> View in Browser. You should get this error:
Security settings for this service require 'Basic' Authentication but it is not enabled for the IIS application that hosts this service.
That's because we haven't yet enabled basic authentication for our service.
Step 4. Host the service on IIS and enable basic authentication
First we have to publish the service on IIS. To do this, right click on the WcfBasic project and click Publish.
A popup will appear where we have to set up the virtual directory and other things.
Service Url: localhost
Site/application: Default Web Site/WcfBasic (here you can add other name if you like)
Check 'Mark as IIS application on destination'
Click Publish
Note: solve any build errors before publishing, otherwise the publish will fail!
After the publish has succeeded, open your IIS Manager and let's enable basic authentication.
Step 5. Enable basic authentication in IIS
Locate your application under Sites/Default Web Site. In the Features view, locate and double click the Authentication icon.
Otherwise you will get an unauthorized error.
That was the hard part. What's left now is to create a client to consume the service.
Part II. Creating the client to consume the service
Step 1. Create a new console application in the solution
Step 2. Add service reference.
Remember that our service is now hosted on IIS. So in order to add the reference, expand the console project and right click References -> Add Service Reference. A popup will show up where we have to enter the service URL, which should be something like: 'http://localhost/WcfBasicAuth/Service1.svc'
When you press Ok, you will be prompted for your credentials, and you will receive a warning.
This is the request credentials pop up.
Enter your credentials and press ok. The service reference is added to your application.
Step 3. Instantiate the service and call method
The last thing to do now is to instantiate the service, set the ClientCredentials and call the method. The credentials are your logon credentials.
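The call described in this step, as an added example that is not the original post's code: it uses ChannelFactory with a hand-written contract instead of the generated service reference (with the generated proxy, the same values are set on client.ClientCredentials.UserName). The GetData operation, the BasicAuthClient class and the credential values are assumptions; the loopback check is added here because Basic credentials are only base64-encoded and TransportCredentialOnly sends them over unencrypted HTTP.

```csharp
using System;
using System.ServiceModel;

// Assumed contract: the page does not list ISecurityService's operations.
[ServiceContract]
public interface ISecurityService
{
    [OperationContract]
    string GetData(int value);   // hypothetical operation
}

public static class BasicAuthClient
{
    // Basic credentials are only base64-encoded, so plain HTTP
    // (TransportCredentialOnly) is allowed for loopback addresses only.
    public static BasicHttpBinding CreateBinding(Uri serviceUri)
    {
        BasicHttpSecurityMode mode;
        if (serviceUri.Scheme == Uri.UriSchemeHttps)
            mode = BasicHttpSecurityMode.Transport;               // TLS protects the header
        else if (serviceUri.IsLoopback)
            mode = BasicHttpSecurityMode.TransportCredentialOnly; // the page's demo setup
        else
            throw new InvalidOperationException("Basic auth over plain HTTP refused: " + serviceUri.Host);
        var binding = new BasicHttpBinding(mode);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
        return binding;
    }

    public static void Main()
    {
        // URL from Step 2; the user name and password are placeholders.
        var uri = new Uri("http://localhost/WcfBasicAuth/Service1.svc");
        var factory = new ChannelFactory<ISecurityService>(CreateBinding(uri), new EndpointAddress(uri));
        factory.Credentials.UserName.UserName = @"MACHINE\user";
        factory.Credentials.UserName.Password = "placeholder-password";
        ISecurityService client = factory.CreateChannel();
        try
        {
            Console.WriteLine(client.GetData(42));
            factory.Close();   // also closes the channel it created
        }
        catch
        {
            factory.Abort();   // a faulted channel cannot be closed cleanly
            throw;
        }
    }
}
```

For an https:// address the service binding must use security mode "Transport" as well, and the IIS site needs an HTTPS binding with a certificate.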
Note: before you can test it, you must set the console application as the startup project. Right click on the console project -> Set as startup project.
And here is the result if your credentials are good:
Let me know what you think. Stay close for more step by step demos using transport security mode (https with ssl certificate), custom user name and password, Authentication Service in WCF.