[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 878
  • Last Modified:

How to secure WCF service

I have the follosinw wb.config. When I cand this service from ajax over http, it works. But when I try it over secure channel, it fails. What modifications should I do to this file?


<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxQueryString="20000">
          <headerLimits>
            <add header="Content-type" sizeLimit="20000" />
          </headerLimits>
        </requestLimits>
      </requestFiltering>
    </security>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="ContentTypeHttpModule"
             type="ContentTypeHttpModule.ContentTypeHttpModule, ContentTypeHttpModule" />
    </modules>
  </system.webServer>
  <system.web>
    <httpRuntime maxQueryStringLength="20000" maxRequestLength="20000"/>
    <webServices>
      <protocols>
        <add name="HttpGet"/>
        <add name="HttpPost"/>
      </protocols>
    </webServices>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </assemblies>
    </compilation>
    <identity impersonate="false" />
    <authentication mode="Windows" />
  </system.web>
  <connectionStrings>
    
  </connectionStrings>

  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpGetUrl=""/>
          <serviceAuthorization serviceAuthorizationManagerType="statevault.APIKeyAuthorization, statevault" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <standardEndpoints>
      <webHttpEndpoint>
        <standardEndpoint automaticFormatSelectionEnabled="true" helpEnabled="true" crossDomainScriptAccessEnabled="true" />
      </webHttpEndpoint>
    </standardEndpoints>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
</configuration>

Open in new window

0
adriandragomirescu
Asked:
adriandragomirescu
  • 2
1 Solution
 
guveraCommented:
Hi,

 Step1: Install the WSE2.0 Service Pack.

Step2: Open a project (applies to both windows and web applications) and right click the solution file.

Step3: On Clicking on the WSE Settings2.0 window a popup properties windows as shown below will be displayed. Check the on "Enable the project for Web Services Enhancements" check box.

Step4: Steps 1 through step3 should be repeated for the project where the web service is hosted.

Step5: Now let's write a simple piece of code which accesses the web service method on which the WSE2.0 settings have been implemented.

Assuming we have a Web Service named Weatherservice already exists we write the following lines of code to access a method called GetTemperature ( ) in the project accessing the Weather web service.

Weatherservice wservice = new Weatherservice();
// Get the SoapContext object for the message
SoapContext context = wservice.RequestSoapContext;
// Instantiate a new UsernameToken object.
UsernameToken token = new UsernameToken (name,
Password, PasswordOption.SendNone);
// Add the token to the SoapContext.
context.Security.Tokens.Add(token);
// Generate a signature using the username token,
// and add the signature to the SoapContext.
context.Security.Elements.Add(new Signature(token));
try
{
// Call the Web method.
String temperature = service.GetTemperature();
}
catch(Exception ex)
{
// Error handling
}

Hope it may helpful to you.

Thanks
Guvera
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now