Impersonation and Delegation in WCF
Impersonation is a technique that WCF services use to authorize the caller's identity for access to service resources such as files and database tables. Service resources can be located either on the local service machine or hosted remotely. The resources are accessed under either the WCF service's process identity or a specific Windows identity.
Difference between Impersonation and Delegation in WCF?
Impersonation is used to access the resources when the resources are on the same machine as the service. Delegation is used to access the resources that are remotely hosted.
There are two types of impersonation in WCF:
- Imperative Impersonation – Performed programmatically at run time.
- Declarative Impersonation – Applied with a static attribute that is associated with an operation.
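Both styles side by side, as an added example that is not code from the original post. The contract, class names and the `C:\Reports\` folder are hypothetical, and the service is assumed to use a binding that authenticates callers with Windows credentials.

```csharp
using System.IO;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IReportService            // hypothetical contract
{
    [OperationContract] string ReadDeclarative(string name);
    [OperationContract] string ReadImperative(string name);
}

public class ReportService : IReportService
{
    // Assumed local folder whose NTFS ACLs decide which callers may read which report.
    const string Root = @"C:\Reports\";

    // Declarative: WCF impersonates the caller for the whole operation.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string ReadDeclarative(string name)
    {
        // Path.GetFileName drops any directory part supplied by the caller.
        return File.ReadAllText(Root + Path.GetFileName(name));
    }

    // Imperative: only the code inside the using block runs as the caller.
    public string ReadImperative(string name)
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        WindowsIdentity caller = ctx == null ? null : ctx.WindowsIdentity;

        // Anonymous or Identification-level tokens cannot be used to open resources.
        // Local resources need Impersonation; remote ones need Delegation.
        if (caller == null ||
            caller.ImpersonationLevel < TokenImpersonationLevel.Impersonation)
            throw new SecurityAccessDeniedException("Caller token cannot be impersonated.");

        string path = Root + Path.GetFileName(name);
        using (caller.Impersonate())       // reverts to the process identity on Dispose
        {
            return File.ReadAllText(path);
        }
    }
}
```

Keeping the impersonated block as small as possible limits how much code runs with the caller's rights instead of the service's own.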
How to choose right WCF binding?
Binding in WCF defines how clients can connect with your service. The base class for all bindings in WCF is System.ServiceModel.Channels.Binding. A binding includes definitions for the WS-* protocols used, the message encoding and the transport protocol. The available WCF Bindings are
Transport and Message Security in WCF
This post discusses transport and message security. In transport security, user credentials and claims are passed using the transport layer. The transport protocols are TCP, HTTP, MSMQ and IPC. Each of these protocols has its own mechanism for passing user credentials. The most common approach is using Secure Sockets Layer (SSL) to encrypt the details that are sent over HTTPS.
Service Orientation vs Object Orientation
Services are a good communication technique to use across application and platform boundaries. A service-oriented approach is always preferred when you are building a distributed application. The object-oriented approach provides a view of what a system should look like and is effective for producing logical models. An object-based approach can fail to consider real-world factors like physical distribution and network communication. This post compares the two approaches.
| Object Orientation | Service Orientation |
| --- | --- |
| Suitable in a homogeneous platform and execution environment. | Suitable in a heterogeneous platform and execution environment. |
| Shares types, not schemas. | Shares schemas, not types. |
| Runs in cheap and transparent communication. | The cost is variable and requires explicit communication. |
| Lifetime of objects is maintained by the infrastructure. | Services are autonomous – security and failure isolation are necessary. |
| It requires synchronized deployment of both client and server. | It allows continuous, separate deployment of client and server. |
| Provides no guidelines for state management and ownership. | It maintains and uses the reference state. |
| You can predict the sequence of events, timeframe and outcome of invocations. | Uses a message-oriented approach and supports asynchronous and long-running communications. |
| Goal is to transparently use functions and types remotely. | Goal is to provide inter-service isolation and interoperability based on standards. |
OData and Windows Azure
This post discusses building a service on a cloud platform that can reach various devices. What is OData and where does it fit in? OData is a specification that makes it very easy to exchange and interact with data on the web. So OData is all about connecting devices to the cloud. This post also discusses how to create an OData service in Visual Studio 2010 and host it on Windows Azure, then explains how to consume the service on Windows Phone Mango.
What is OData?
A REST-based set of patterns for accessing information via services.
It is a great protocol for connecting devices to the cloud. The REST APIs you might have developed have the following common requirements:
- Querying the data
- Ordering the data
- Paging the data
- Filtering the data
- Even CRUD operations on data
OData provides a common way to do the above operations. If you have a web API and use OData, you have a wide range of options for exposing your data to various client libraries and platforms.
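Because every client gets querying, paging and CRUD through one uniform URL syntax, the service has to state which of those operations it actually allows. The following WCF Data Services class is an added example, not code from the original post; `Product`, `CatalogContext` and `CatalogService` are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Data.Services;
using System.Data.Services.Common;
using System.Linq;

[DataServiceKey("Id")]
public class Product
{
    public int Id { get; set; }
    public string Name { get; set; }
    public decimal Price { get; set; }
}

// Hypothetical in-memory context (constructed sample data).
public class CatalogContext
{
    static readonly List<Product> items = new List<Product>
    {
        new Product { Id = 1, Name = "Cable", Price = 9.5m },
        new Product { Id = 2, Name = "Router", Price = 79m }
    };
    public IQueryable<Product> Products { get { return items.AsQueryable(); } }
}

public class CatalogService : DataService<CatalogContext>
{
    public static void InitializeService(DataServiceConfiguration config)
    {
        // Server-driven paging needs protocol version 2.
        config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V2;

        // Entity sets are hidden until a rule exposes them. AllRead permits
        // querying, ordering, paging and filtering, but no create/update/delete.
        config.SetEntitySetAccessRule("Products", EntitySetRights.AllRead);

        // Cap the rows per response so one request cannot dump the whole set.
        config.SetEntitySetPageSize("Products", 50);
        config.MaxExpandDepth = 2;

        // Keep stack traces and internal messages out of error responses.
        config.UseVerboseErrors = false;
    }
}
// Example request the service answers:
//   /CatalogService.svc/Products?$filter=Price lt 20&$orderby=Name&$top=10&$skip=0
```

Granting `EntitySetRights.All` instead would open the write half of CRUD to every client that can reach the service, so widen the rule per entity set only when a client needs it.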
WCF Discovery with UDP
In order to call a Windows Communication Foundation service, a port or pipe assigned to the service must be available, and the client must know the endpoint address before calling the service.
If the service could use any available address, then the client can discover that address at runtime. There is an industry-standard solution that helps in discovering service addresses.
Address Discovery
Discovery relies on the User Datagram Protocol (UDP). The client uses UDP to broadcast discovery requests for any endpoint that supports the contract type. These requests are received by dedicated endpoints. The endpoints respond to the client with the service addresses that support the specified contract.
WCF offers a standard discovery endpoint with the type UdpDiscoveryEndpoint.
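The probe and reply described above, as an added example that is not code from the original post. The contract, the port and the SPN `host/quotes.example.internal` are assumptions. Since UDP probe replies are not authenticated, the client takes only the address from discovery and relies on the secured binding to verify who answers there.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Discovery;

[ServiceContract]
public interface IQuoteService { [OperationContract] string Ping(); }   // hypothetical
public class QuoteService : IQuoteService { public string Ping() { return "ok"; } }

public static class DiscoveryDemo
{
    // Service side: one application endpoint plus the standard UDP discovery endpoint.
    public static ServiceHost StartHost()
    {
        var host = new ServiceHost(typeof(QuoteService),
                                   new Uri("net.tcp://localhost:8523/quotes")); // assumed port
        host.AddServiceEndpoint(typeof(IQuoteService),
                                new NetTcpBinding(SecurityMode.Transport), "");
        host.Description.Behaviors.Add(new ServiceDiscoveryBehavior());
        host.AddServiceEndpoint(new UdpDiscoveryEndpoint());
        host.Open();
        return host;
    }

    // Client side: probe for the contract, then connect over a secured binding.
    public static IQuoteService Discover()
    {
        var discovery = new DiscoveryClient(new UdpDiscoveryEndpoint());
        var criteria = new FindCriteria(typeof(IQuoteService))
        {
            MaxResults = 1,
            Duration = TimeSpan.FromSeconds(5)
        };
        FindResponse found = discovery.Find(criteria);
        discovery.Close();
        if (found.Endpoints.Count == 0)
            throw new EndpointNotFoundException("No IQuoteService answered the probe.");

        // Any host on the subnet can answer a probe, so pin the expected service
        // identity; Windows authentication fails if another account responds.
        Uri uri = found.Endpoints[0].Address.Uri;
        var address = new EndpointAddress(
            uri, EndpointIdentity.CreateSpnIdentity("host/quotes.example.internal"));
        var factory = new ChannelFactory<IQuoteService>(
            new NetTcpBinding(SecurityMode.Transport), address);
        return factory.CreateChannel();
    }
}
```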
Web services security
Introduction
Securing a Web service is possible using WSE (Web Services Enhancements) for .NET. We can define the security requirements for both incoming and outgoing SOAP messages; this set of requirements is called a policy.
We can define the policy in two ways:
1. Using the WSE Settings 3.0 Tool
2. Adding the policy element to the XML file
Alternatively, we can define the policy file in either the development or the deployment environment. It is easier for an administrator to define a policy for an application when it is deployed using a policy file.
MTOM Support to Web Service
Overview of MTOM
Using MTOM an application can send or receive a large amount of data. MTOM allows message-level security to be applied to the message including binary data. MTOM encodes the SOAP message and transmits the message as XML.
The following procedure sends a large amount of data using MTOM:
1. Open the Web service project in Visual Studio 2005.
2. Enable the project to use WSE:
   a. In Solution Explorer, right-click the project and then click WSE Settings.
   b. Select the General tab.
   c. Select Enable this project for Web Services Enhancements and Enable Microsoft Web Services Enhancements SOAP Protocol Factory.
3. Specify that the Web service can accept SOAP messages encoded using MTOM:
   a. In Solution Explorer, right-click the project and then click WSE Settings.
   b. Select the Messaging tab.
   c. Choose optional or always for the Server Mode.
      The always MTOM mode specifies that all incoming and outgoing SOAP messages must be MTOM encoded.
      The optional MTOM mode leaves it open whether or not incoming and outgoing messages are MTOM encoded.
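Define a Web service method that returns a byte array.

```csharp
// Requires: using System; using System.IO; using System.Web.Services;
[WebMethod]
public byte[] GetFile(string fileName)
{
    byte[] response;
    // Path.GetFileName drops any directory part, so a caller cannot use
    // "..\" sequences to read files outside App_Data.
    String filePath = AppDomain.CurrentDomain.BaseDirectory
        + @"App_Data\" + Path.GetFileName(fileName);
    response = File.ReadAllBytes(filePath);
    return response;
}
```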
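4. Configure the Web server to handle the larger amount of data.

```xml
<configuration>
  <system.web>
    <!-- The ASP.NET httpRuntime attributes are maxRequestLength (in KB)
         and executionTimeout (in seconds). -->
    <httpRuntime maxRequestLength="409600"
                 executionTimeout="300"/>
  </system.web>
</configuration>
```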
Digital Signing the SOAP Message
WSE allows you to digitally sign a SOAP message by overriding the SecureMessage method.
To sign a SOAP message
1. The following code example overrides the SecureMessage method.

```csharp
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
    // Obtain the security token with which you want to sign the SOAP message.
    // hostname and domainName must be supplied by the surrounding class
    // (not shown on this page).
    KerberosToken kerbToken = new KerberosToken("host/" + hostname + "@" + domainName);
    // Add the security token.
    security.Tokens.Add(kerbToken);
    // Specify the security token to sign the message with.
    MessageSignature sig = new MessageSignature(kerbToken);
    // Add the digital signature to the SOAP message.
    security.Elements.Add(sig);
}
```
Adding Security Credentials to SOAP
WSE 3.0 for .NET enables developers to create one or more security credentials that can be added to a SOAP message.
The following procedure describes how to add one or more security credentials to a SOAP message. A computer must be configured to accept SOAP messages embedded with the security credentials.
Two types of security credentials can be set up for the computer:
- X.509 certificate.
- Username and Password.
You can configure the computer for an X.509 certificate by reading SOAP messages signed by an X.509 certificate.
You can also configure the computer for a Username Token by validating SOAP messages signed by a Username Token.
The following procedure adds a security token to a SOAP message:
1. Open the Web Service Client project.
2. Add references to the Microsoft.Web.Services3 and System.Web.Services assemblies.
3. Add a Web Reference to the Web service that is to receive the SOAP message signed with the UsernameToken.
4. Add the following using directives:

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Design;
using Microsoft.Web.Services3.Security;
using Microsoft.Web.Services3.Security.Tokens;
```

5. Write the following code by overriding the SecureMessage method in the Web service.

```csharp
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
    // userName and userPasswordEquivalent must be supplied by the
    // surrounding class (not shown on this page).
    UsernameToken userToken;
    userToken = new UsernameToken(userName, userPasswordEquivalent, PasswordOption.SendNone);
    // Adds the token to the SOAP header.
    security.Tokens.Add(userToken);
}
```




