MCT Session Demos
February 10, 2009
Posted by on
I have uploaded my MCT demos on “Building Secure Web Services using WCF” on skydrive. Though this would require some configuration in terms of setting up database for Membership / Role provider & installing certificates hopefully it should still help you in getting started with WCF Security. Keep a close eye on security mode & credentials. You can find a comprehensive set of samples here.
Let me elaborate on each demo considering the mentor audience:
1) You start with basicHttpBinding & wsHttpBinding. Turn the Message Logging on at transport level with LogEntireMessage set to true. You can show participants the secure wsHttpBinding. N.B. by default wsHttpBinding uses Message security with Windows Credentials. Here you don’t require certificates for message security as windows credentials rely on SPNEGO. You can use ProtectionLevel at OperationContract to differentiate between Sign & EncryptWithSign. Also impersonation works only with Windows credentials & for it to work client must explicitly give rights.
2) For basicHttpBinding change the security mode to transport & try to browse to get an error. Configure a SSL certificate to ensure that transport is safe. Browse should work now.
3) Username for wsHttpBinding can use either custom provider or ASP.NET providers. As it turns out custom provider is much easier to demo – no configurations required. Over here the credentials is Username but you will still need a certificate for providing protection to message. So you provide Server Certificate & in case you are using a makecert certificate you need to enable PeerTrust on client side. Don’t forget to put the public key of server certificate in client’s Trusted publishers folder (Personal Store).
4) Certificate security for wsHttpBinding requires certificates both on client & server side.
5) Issued tokens provide a level of flexibility in terms of rich credentials. You can demo it with self issued cards through Cardspace using wsFederationHttpBinding.
Thanks for being such a wonderful audience. Hope to meet you guys soon. Love you all .