I hope someone can help me out. How can I do federation over TCP? I am using ADFS as my STS. My WCF service (Relying party) expose its endpoint over net.tcp bindings. The STS would be accessed through wsHttp endpoints. How would I do this? Any suggestions?
Thank you
I am just wondering if I am doing this correctly. I have created a custom binding. This is for the server side.
<!-- STS Binding -->
<ws2007HttpBinding>
<binding name="STSBinding">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Windows">
<extendedProtectionPolicy policyEnforcement="Never" />
</transport>
<message clientCredentialType="Windows" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="false"/>
</security>
</binding>
</ws2007HttpBinding>
<customBinding>
<binding name="WCFTestServiceLibrary.IService1_FederationNetTcpBinding">
<security authenticationMode="SecureConversation" requireSecurityContextCancellation="true">
<secureConversationBootstrap authenticationMode="IssuedToken">
<issuedTokenParameters tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile- 1.1#SAMLV2.0">
<issuer address="https://test/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256"
binding="ws2007HttpBinding" bindingConfiguration="STSBinding">
</issuer>
<issuerMetadata address="https://test/adfs/services/trust/mex" />
<claimTypeRequirements>
<add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="true" />
<add claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" isOptional="true" />
</claimTypeRequirements>
</issuedTokenParameters>
</secureConversationBootstrap>
</security>
<binaryMessageEncoding />
<tcpTransport />
</binding>
</customBinding>
Never done this but from what I've read:
Check that your endpoint is enabled in ADFS.
Then add tcp to the "Enabled Protocols" for the ADFS IIS site.
Refer Enabling net.tcp
Related
I am using ASP.Net MVC to develop my website
I have hosted my website on Azure and my website url is like "https://myazurewebsite.azurewebsites.net".
I have a login page to my website, without login they can not browse any of my Views.
But if i use URL like https://myazurewebsite.azurewebsites.net/js/myJS.js, then browser is rendering my js file. I don't want to show my JS files to unauthorized users.
I there any way to stop this through configuration or through code?
I have solved this issue by adding below lines in my web.config.
<security>
<requestFiltering>
<filteringRules>
<filteringRule name="protectjs" scanUrl="true" scanQueryString="true">
<scanHeaders>
<clear />
<add requestHeader="Accept" />
</scanHeaders>
<appliesTo>
<clear />
<add fileExtension=".js" />
<add fileExtension=".css" />
</appliesTo>
<denyStrings>
<clear />
<add string="text/html" />
</denyStrings>
</filteringRule>
</filteringRules>
</requestFiltering>
</security>
I have created a Class library project and add the service reference of "E-Verify" web service to this project. In this project, I have created a wrapper class and consumed all the services of "E-Verify".
I have added the reference to this project in the API project. But, while assessing this wrapper method inside an API project I am getting an error
Error:
Could not find default endpoint element that references contract 'EmployerWebServiceV29.IEmployerWebServiceV29' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this contract could be found in the client element.
Anyone having any idea how to fix this issue?
Wrapper Code:
try {
EmployerWebServiceV29Client client = new EmployerWebServiceV29Client();
client.ClientCredentials.UserName.UserName = "";
client.ClientCredentials.UserName.Password = "";
client.VerifyConnection();
} catch (Exception ex) {
throw new ServiceAccessException(ErrorConstants.SERVICE_ACCESS_ERROR);
}
app.config:
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IEmployerWebServiceV29">
<security mode="TransportWithMessageCredential"/>
</binding>
</basicHttpBinding>
<wsHttpBinding>
<binding name="CustomBinding_IEmployerWebServiceV29">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None"/>
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="stage.e-verify.uscis.gov/WcfWebService/…;"
binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_IEmployerWebServiceV29"
contract="EmployerWebServiceV29.IEmployerWebServiceV29"
name="BasicHttpBinding_IEmployerWebServiceV29"/>
<endpoint address="stage.e-verify.uscis.gov/WcfWebService/…;"
binding="wsHttpBinding"
bindingConfiguration="CustomBinding_IEmployerWebServiceV29"
contract="EmployerWebServiceV29.IEmployerWebServiceV29"
name="CustomBinding_IEmployerWebServiceV29"/>
</client>
I am new in the SimpleMembership model. WebSecurity works fine in the Web pages, but I have problems when I use it in the services.
I have some web services, working under:
<binding name="SecureBasicBindingWithMembershipConfig">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" />
</security>
</binding>
I try to recover the user Id from a web service.
If I use WebSecurity.IsAuthenticated, it returns IsAuthenticated = 'WebMatrix.WebData.WebSecurity.IsAuthenticated' threw an exception of type 'System.ArgumentNullException'
However, using System.Web.Security.Membership.GetUser() the user Id is correctly returned.
Can WebSecurity be used within a WCF service or I am doing something wrong?
I am using WIF SSO for authentication in my website. Everything works perfect in development environment. But on deployment I got issue
Message: The data protection operation was unsuccessful. This may have
been caused by not having the user profile loaded for the current
thread's user context, which may be the case when the thread is
impersonating. ExceptionStackTrace: at
System.Security.Cryptography.ProtectedData.Protect(Byte[] userData,
Byte[] optionalEntropy, DataProtectionScope scope) at
Microsoft.IdentityModel.Web.ProtectedDataCookieTransform.Encode(Byte[]
value)
Searching abt this issue leads me to this stackoverflow question
Is it possible to run WIF without LoadUserProfile = True
I added the code mentioned but now I am getting
Value cannot be null
I am getting e.ServiceConfiguration.ServiceCertificate ServiceCertificate null. My question is what kind of certificate is this and where can I define this in my config. Do I need to place the same certificate on ACS.
here is my config section
<microsoft.identityModel>
<service>
<audienceUris>
<add value="http://localhost:9494/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://devworks-sb.accesscontrol.appfabriclabs.com/v2/wsfederation" realm="http://localhost:9494" requireHttps="false" />
<cookieHandler requireSsl="false" />
</federatedAuthentication>
<applicationService>
<claimTypeRequired>
<!--Following are the claims offered by STS 'https://devworks-sb.accesscontrol.appfabriclabs.com/'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
<claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
<!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" optional="true" />-->
<!--<claimType type="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider" optional="true" />-->
</claimTypeRequired>
</applicationService>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="BE9D0A516BEC2BC820C23D5C2EA79F068C094382" name="https://devworks-sb.accesscontrol.appfabriclabs.com/" />
</trustedIssuers>
</issuerNameRegistry>
</service> </microsoft.identityModel>
thanx
First thing you mentioned that the problem occurred after deployment, is that right? In your web.config have you changed the audienceUris to http://whatever_service_name.cloudapp.net?
<audienceUris>
<add value="http://localhost:9494/" /> <== This is wrong
</audienceUris>
Next your question about certificate is NULL at e.ServiceConfiguration.ServiceCertificate, please verify the following:
A. Endpoint is added in your application Service Definition:
B. Certificate thumbprint is set in Service Configuration
C. Certificate is set in web.config which is correct above
D. Finally added the following in your web.config so certificate can be search by thumbprint:
<serviceCertificate>
<certificateReference x509FindType="FindByThumbprint" findValue="CERT_THUMB" />
</serviceCertificate>
Study these two resources which will be very helpful:
http://www.jimandkatrin.com/CodeBlog/post/Troubleshooting-Azure-issues.aspx
http://blogs.msmvps.com/marcelmeijer/blog/2012/05/04/windows-azure-wif-access-control-acs/
The root cause is likely to be you’re using DPAPI (the default configuration of WIF). Please try to do a few modifications for the application to work in Windows Azure. I would like to suggest you to check http://msdn.microsoft.com/en-us/IdentityTrainingCourse_WIFonWAZLab2010 for a tutorial.
Best Regards,
Ming Xu.
I am super new to MVC (in fact, this is my first assignment)
So, I have a good webservice running, functional, on my local machine
http://www.codetrials.local/wcf/UserServices.svc?wsdl
and In my MVC application, I added a service reference as usual, and then in my Model.cs I am trying this:
using (CodeTrials.UserServicesClient _client = new UserServicesClient())
{
UserWebsite = _client.GetUserWebsite(username);
}
but when I try to run this, I always get the exception endpoint not found. I can access this from my (different) asp.net project and it works just fine, same code and everything. After some digging around I found this answer I modified my above code to:
BasicHttpBinding binding = new BasicHttpBinding();
EndpointAddress address = new EndpointAddress("http://www.codetrials.local/wcf/UserServices.svc");
using (CodeTrials.UserServicesClient _client = new UserServicesClient(binding, address))
{
UserWebsite = _client.GetUserWebsite(username);
}
but now, I get a new exception: There was no endpoint listening at http://www.codetrials.local/wcf/UserServices.svc?wsdl that could accept the message
So I am at my wits end.
I found a similar question but it's not what I am looking for.
Can you please guide me to the right path?
what am I not doing right?
should I shift the consuming of webservice from Model to Controller?
Thanks.
EDIT - This is my config file system.serviceModel section. I just copy pasted it from the WCF client test gui tool into web.config since it was not being generated by visual studio.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IUserServices" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://www.codetrials.local/wcf/UserServices.svc/wcf/UserServices.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IUserServices"
contract="IUserServices" name="BasicHttpBinding_IUserServices" />
</client>
</system.serviceModel>
Reposting from the comments since it turned out to be the answer. :) Turned out that web.debug.config was overwriting the web.config in this case.
Are you sure its in the right web.config then? VS should create it automatically when you add the service reference (it does for me at least). One gotcha is that a normal MVC app has two web.config files, there's a second one inside the Views folder by default. Other then that, I'm not really sure whats going on.
Your code shows you are using this URL: http://www.codetrials.local/wcf/UserServices.svc to access the service endpoint but your exception message says you are actually using http://www.codetrials.local/wcf/UserServices.svc?wsdl instead.
Check your MVC app web.config file for a serviceModel element. If you need to configure the WCF client in code then remove that entire element from the web.config file which may be where the wrong URL is coming from. If you do want to configure WCF from the web.config file, then remove your current code and use the following two lines to create the client and invoke the service:
var _client = new UserServicesClient("BasicHttpBinding_IUserServices");
UserWebsite = _client.GetUserWebsite(username);
where the something like the following section exists in your web.config serviceModel element:
<system.serviceModel>
<client>
<endpoint
name="BasicHttpBinding_IUserServices"
address="http://www.codetrials.local/wcf/UserServices.svc"
binding="basicHttpBinding"
contract="IUserServices" >
</endpoint>
</client>
<!-- rest of element snipped -->
Finally, you should not wrap the UserServicesClient instantiation in a using statement because of the reasons outlined in this post. WCF is a tricksty beast....
EDIT:
Based on the update with your config, your problem may be that the service URL is:
http://www.codetrials.local/wcf/UserServices.svc/wcf/UserServices.svc
The wcf/UserServices.svc seems to be duplicated.