Implement Security at Receive Handler.

I have exposed aschema as a wcf service, I want to implement security at the receive handler. Can any one suggest me what are the ways to implement the securities at the receive handler.

Thanks,

July 6th, 2015 2:50am

Hi Udal,

You can Use the WCF-WSHttp binding and if you want SSL set the security mode to "transport" or "transportWithMessageCredentials".

WCF-WSHttp Transport Properties Dialog Box, Send, Security Tab

and also

https://seroter.wordpress.com/biztalk-and-wcf-part-ii-security-patterns/

Thanks

Abhishek

Free Windows Admin Tool Kit Click here and download it now
July 6th, 2015 2:54am

Thanks Abhishek !

I am using WCF-BasicHttp , can we implemented transport and message security using this ?

July 6th, 2015 3:15am

There are two types of security one can implement on the receive side

  1. Message level
  2. Transport level

for transport level, certificates for securing the transport or in your case hosting the WCF endpoint in a SSL secured IIS would be the option.

For message level or connection level, you could implement a username/password based option where your WCF service/data contracts expose the appropriate security options, or you can integrate with AD (makes sense only if the consumers are within the enterprise) or you can use client-side certificates (which requires you to have a PKI infra).

The pros and cons for each would depend on the base need for implementing security. Are you protecting business data interchange over unsecured connections (Internet and Partners?) then use a combination of SSL + Certificate based client security [ BizTalk has a default Partner verification for certificates for this ]. If this is internal [EAI] then use a combination of SSL and Integrated Authentication. If the consumers are a mix of non-windows and windows then use Authentication Headers (username + password) backed into AD.

Regards.

Free Windows Admin Tool Kit Click here and download it now
July 6th, 2015 3:23am

Hi Udal,

One of my friend Kundan has written a nice blog for that over code project .Please find the link below .

BizTalk WCF-BasicHttp Transport with Message Credentials

Hope this answer your question . Detailed steps are being mentioned in above project .

Thanks

Abhishek

July 6th, 2015 3:24am

Use https://msdn.microsoft.com/en-us/library/ff650785.aspx from the Microsoft Pattern and Practices if you want to implement Certificate Authentication over WCF, etc.

Regards.

Free Windows Admin Tool Kit Click here and download it now
July 6th, 2015 3:30am

Hi ,

I am using wcf-BasicHttp adapter at receive location, for security, as a security mode with Message and Message client credential type with certificate.

I added the thumbprint of the certificate.

Logged in with the account used for isolated host and added the certificate into Personal and Trusted Root Authority.

Can anyone help me to resolve the issue:

Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindByThumbprint', FindValue 

July 10th, 2015 2:59am

Hi,

I think you did not have correctly installed the certificate installed on  machine. You may try  Internet Explorer (Tools | Internet Options | Content tab | Certificates) installed client certificates.

Under "Personal" tab you can see the installed certificates for you user account (as you are using the "My" store name). Double-clicking on an installed certificate under Details tab you have all information you can use on find value attribute, like the thumbprint

For Reference

Nine simple steps to enable X.509 certificates on WCF

Thanks

Abhishek

Free Windows Admin Tool Kit Click here and download it now
July 10th, 2015 3:16am

Hi,

I think you did not have correctly installed the certificate installed on  machine. You may try  Internet Explorer (Tools | Internet Options | Content tab | Certificates) installed client certificates.

Under "Personal" tab you can see the installed certificates for you user account (as you are using the "My" store name). Double-clicking on an installed certificate under Details tab you have all information you can use on find value attribute, like the thumbprint

For Reference

Nine simple steps to enable X.509 certificates on WCF

Thanks

Abhishek

July 10th, 2015 7:09am

Hi,

I think you did not have correctly installed the certificate installed on  machine. You may try  Internet Explorer (Tools | Internet Options | Content tab | Certificates) installed client certificates.

Under "Personal" tab you can see the installed certificates for you user account (as you are using the "My" store name). Double-clicking on an installed certificate under Details tab you have all information you can use on find value attribute, like the thumbprint

For Reference

Nine simple steps to enable X.509 certificates on WCF

Thanks

Abhishek

Free Windows Admin Tool Kit Click here and download it now
July 10th, 2015 7:09am

Hi,

I think you did not have correctly installed the certificate installed on  machine. You may try  Internet Explorer (Tools | Internet Options | Content tab | Certificates) installed client certificates.

Under "Personal" tab you can see the installed certificates for you user account (as you are using the "My" store name). Double-clicking on an installed certificate under Details tab you have all information you can use on find value attribute, like the thumbprint

For Reference

Nine simple steps to enable X.509 certificates on WCF

Thanks

Abhishek

July 10th, 2015 7:09am

Hi,

I think you did not have correctly installed the certificate installed on  machine. You may try  Internet Explorer (Tools | Internet Options | Content tab | Certificates) installed client certificates.

Under "Personal" tab you can see the installed certificates for you user account (as you are using the "My" store name). Double-clicking on an installed certificate under Details tab you have all information you can use on find value attribute, like the thumbprint

For Reference

Nine simple steps to enable X.509 certificates on WCF

Thanks

Abhishek

Free Windows Admin Tool Kit Click here and download it now
July 10th, 2015 7:09am

Hi,

I think you did not have correctly installed the certificate installed on  machine. You may try  Internet Explorer (Tools | Internet Options | Content tab | Certificates) installed client certificates.

Under "Personal" tab you can see the installed certificates for you user account (as you are using the "My" store name). Double-clicking on an installed certificate under Details tab you have all information you can use on find value attribute, like the thumbprint

For Reference

Nine simple steps to enable X.509 certificates on WCF

Thanks

Abhishek

July 10th, 2015 7:09am

Well, the first question you need to ask/answer is what type of security do you need to support?

You have to match whatever your endpoints/Trading Partners are using.

Free Windows Admin Tool Kit Click here and download it now
July 10th, 2015 9:37am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics