Highest Voted 'wcf' Questions - IT Security Stack Exchange

2

votes

1 answer

Multiple security layers for SOA REST intranet services

For intranet applications that already leverage Active Directory, is there any point or benefit to adding a second layer of security such as OAuth when accessing SOA REST services? We're new to SOA and REST and are fairly unguided as to how to…

asked Mar 25 '12 at 20:17

KodeKreachor

185
1
1
4

1

vote

0 answers

Real Risk of BasicHttpBinding

A slightly rhetorical question I guess, but I have been trying to get wsHttpBinding to work for my application, and although it does work perfectly if I am able to physically import the required keys onto a client machine (which is clearly not…

wcf

asked Sep 05 '15 at 21:49

John W

66
4

1

vote

0 answers

Distribution of a public key with a dotnet client application?

I have a pretty good understanding of X509 cryptography etc, from my career in the smart card industry. So I know that the card scheme (e.g. Visa, MasterCard) is the highest level of trust - they sign issuer keys for subsequent diversification and…

tls .net x.509 wcf

asked Jul 28 '15 at 21:48

John W

66
4

1

vote

0 answers

ASP.NET WCF security, javascript and handling sensitive information

I've come upon what I would call some "nasty" javascript coding (I come from a KnockoutJS / Angular / Web API 'world') in which WCF services are exposed to javascript by production URL's, i.e. "productionserver.com.WCFService.WCFfunction(parameter,…

tls javascript credit-card banks wcf

asked Apr 17 '15 at 21:23

Nick Olinger

111
3

1

vote

0 answers

Is generating custom authentication token for WCF service requests a good practice?

I have public WCF web service which works over https. There are lots of technical restrictions on client side, so I can't use any advanced schemes like oauth. I have registered users and some of them can access WCF service using their…

authentication web-service wcf token

asked Feb 20 '15 at 06:02

vsevolod

11
1

1

vote

0 answers

Deploying software that requires X.509 certificates

I have a self-hosted WCF application, with a server application running on the server (obviously) and a client application that will be installed on the users PC. Up until this point I have been developing the system on my personal machine and using…

certificates certificate-authority x.509 wcf

asked Mar 26 '14 at 12:42

Sam

210
2
6

1

vote

1 answer

My WCF application uses 2 way certificate message encryption - does it still need SSL?

I have a WCF service configured to use two-way certificate authentication on the messages. The server is also locked down through a firewall to only allow traffic from a single IP:Port that the client is also using. Is SSL for the transport layer…

encryption certificates wcf

asked Mar 21 '14 at 20:06

asawyer

111
3

1

vote

1 answer

SSL on domain will affect un-secured sub-domain

I have a plan to buy a SSL certificate for my domain. I don't have much budget so I decided to buy standard SSL with no support for sub-domains. I have a WCF web-service that works on sub-domain. This WCF service is consumed by the website on the…

tls network dns-domain wcf sub-domain

asked Oct 03 '13 at 18:09

Aishwarya Shiva

121
7

1

vote

1 answer

Does using many XML parsers (XDocument, XMLDocument) from the public Internet increase attack surface area?

I am coding an anonymous WCF service that allows others to post XML into it. Does using different kinds of XML parsers XDocument, XMLDocument, or even 3rd party parsers increase the attack surface area? (Buffer overflows, etc).

appsec asp.net wcf xml buffer-overflow

asked Jan 22 '11 at 00:10

makerofthings7

50,090
54
250
536

1

vote

0 answers

Taking a service from development to production

I have created a service (WCF) that acts as a backend for a DB. For now it does basic operations such as INSERT, SELECT etc. I have run it locally and now it is time to expose her to the internet and enter 'production'. Is there a best practice to…

web-service wcf

asked Sep 05 '16 at 15:23

Kafros

11
3

0

votes

1 answer

Choosing security scenario for WCF service/client hosted by IIS

I have web server (hosted using IIS) in DMZ hosts multiple web services (WCF), the clients are non-server applications (they are standalone .NET application) reaching these web services via internet using the HTTPS protocol. My server has an SSL…

web-service wcf

asked May 13 '15 at 14:30

Fred Jand

103
2

0

votes

2 answers

Authenticate WCF call to ADFS through Web Application Proxy (WAP)

Currently we authenticate WCF calls TO a service via ADFS, using the following procedure: Firstly, we get a SAML token from ADFS using (var factory = new WSTrustChannelFactory( new…

saml wcf adfs

asked Aug 11 '14 at 15:48

Michael

5,393
2
32
57

0

votes

0 answers

Using WCFs WS-security implementation, how can the server verify client identity?

Using the configuration below we have implemented message security using WCF and WS-security. Note that we use clientCredentialType=Certificate. Now my questions are: Does the configuration below represent a cryptographically secure way to verify…

web-service wcf

asked Sep 25 '15 at 08:26

codeape

181
1
5

-2

votes

1 answer

SSL Server-side certificate on client computer?

There is a server with WCF client, which periodically initiates communications over internet with many WCF services installed on our clients computers. WCF services and WCF clients are hosted in Windows Service, current binding is…

encryption tls certificates wcf

asked Jun 10 '16 at 13:22

B G

1
2

Questions tagged [wcf]