Message layer security:
Message security uses the WS-Security specification to secure messages. The specification describes enhancements to Simple Object Access Protocol (SOAP) messaging that provide confidentiality, integrity and authentication at the SOAP message level (instead of the transport level), so the protection travels with the message rather than ending at each hop.
Message security is available on all of the system-provided bindings except for netNamedPipeBinding and msmqIntegrationBinding.
When using Windows authentication, message security uses the service's Windows token to protect messages. When using non-Windows authentication such as username, certificate or issued token authentication, you have to configure a service certificate as the service credential; message security then uses that certificate to protect messages.
“Message level security encrypts request/response messages using WS-Security specifications. It encloses security credentials and claims with every message. Each message is either signed or encrypted. Message security provides end-to-end channel security and is independent of the transport protocol.”
- Message security is not tied to a particular WCF transport: it provides the same protection regardless of the binding used.
Let's see how to implement message level security in WCF.
Step 1: Open the Visual Studio command prompt (run as administrator) and create the server certificate. The client in this walkthrough is anonymous, so no client certificate is needed:
c:\> makecert -sr currentuser -ss My -a sha1 -n cn=WCfMsgTestServer -sky exchange -pe
Note: makecert.exe ships with the Windows SDK, so install the SDK tools from Microsoft if you do not have it; you will find makecert.exe in "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin". The -a sha1 switch selects a SHA-1 signature, which is acceptable only for a local test certificate like this one.
In the above command:
1. currentuser (-sr) is the storeLocation
2. My (-ss) is the storeName
3. the CN given to -n (here WCfMsgTestServer) is the findValue you will use in the service configuration. The configuration below uses vinodCertificateServer1; whichever name you choose, it must be identical in the makecert command and in the config, or the service will fail to start because it cannot find its certificate.
Step 2:
The certificate is created but it is not yet trusted. To fix that, open the Microsoft Management Console: Run --> "mmc".
In the console go to File --> "Add/Remove Snap-in" --> select Certificates in the left pane, click "Add", choose "My user account" and click Finish.
In the main MMC window expand Certificates --> Personal --> Certificates; there you will find the certificate created in Step 1.
The console view shows different categories of certificates. Copy the certificate from the Personal folder to the Trusted People folder. This is what lets PeerTrust validation succeed for a self-signed certificate; with certificateValidationMode="None", as used below, the Trusted People store is not consulted at all.
Step 3: Insert the snippets below in your server config file.
Add the binding. Message mode is the default security mode for wsHttpBinding; it is written out here so the intent is explicit. clientCredentialType="None" means the client is anonymous, but the service still authenticates itself to the client with its certificate and every message is signed and encrypted:
<bindings>
<wsHttpBinding>
<binding name="MyMessage">
<security mode="Message">
<message clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
Step 4: Map the binding configuration onto the endpoint. The "MyMessage" configuration is defined under wsHttpBinding, so the endpoint must use binding="wsHttpBinding" (not basicHttpBinding, otherwise the bindingConfiguration is not found):
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="MyMessage"
contract="TestMessageLayerSecurity.IService1" />
Step 5: Add the service credentials to the behavior section. The serviceCertificate element tells WCF which certificate to use for signing and encrypting messages; the findValue must match the CN chosen in Step 1. certificateValidationMode="None" on clientCertificate disables client certificate validation; it is harmless here only because the client credential type is None, so no client certificate is ever presented:
<behaviors>
<serviceBehaviors>
<behavior>
<!-- Add service credentials -->
<serviceCredentials>
<clientCertificate>
<authentication
certificateValidationMode="None"/>
</clientCertificate>
<serviceCertificate
findValue="vinodCertificateServer1"
storeLocation="CurrentUser" storeName="My"
x509FindType="FindBySubjectName"></serviceCertificate>
</serviceCredentials>
<!-- End -->
</behavior>
</serviceBehaviors>
</behaviors>
Step 6:
Add this at the client end (namespace: using System.ServiceModel.Security;):
Service1Client svcc = new Service1Client();
svcc.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode
= X509CertificateValidationMode.None;
X509CertificateValidationMode.None makes the client accept any service certificate, including one presented by a machine in the middle. It is only there so that the self-signed test certificate is accepted; outside a local test use PeerTrust (with the certificate in the client's Trusted People store, as in Step 2) or ChainTrust with a certificate issued by a trusted CA.
Step 7:
Remove the identity section from the WCF web config file. The generated "localhost" DNS identity does not match the certificate subject name, and WCF checks the service credential against the endpoint identity; removing it lets WCF derive the identity from the service certificate (alternatively, set the dns value to the certificate's CN):
<identity>
<dns value="localhost"/>
</identity>
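The same setup as Steps 3 to 7, as an added example that is not part of the original post: a self-hosted service and a client configured in code instead of config files, with the client validating the service certificate by PeerTrust rather than turning validation off. The contract, the implementation, the base address http://localhost:8000/Service1 and the method MessageSecurityDemo are assumptions; it expects the certificate from Step 1 (subject CN=WCfMsgTestServer) in CurrentUser\My and a copy in CurrentUser\Trusted People as in Step 2.

```csharp
// Added example, not code from the original post. Assumes the makecert certificate
// with CN=WCfMsgTestServer exists in CurrentUser\My and was copied to Trusted People.
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IService1
{
    [OperationContract]
    string GetData(int value);
}

public class Service1 : IService1
{
    public string GetData(int value) { return "You entered: " + value; }
}

public static class MessageSecurityDemo
{
    // Must equal the cn= value passed to makecert -n; the service looks its
    // certificate up by this subject name and the client checks the identity against it.
    const string CertSubject = "WCfMsgTestServer";
    static readonly Uri BaseAddress = new Uri("http://localhost:8000/Service1");   // assumed address

    // Code equivalent of the <binding name="MyMessage"> snippet: message-level security,
    // anonymous client; the service still proves its identity with its certificate.
    static WSHttpBinding MakeBinding()
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
        return binding;
    }

    // Code equivalent of the <serviceCredentials> behavior: the certificate used to
    // sign and encrypt messages is found by subject name in CurrentUser\My.
    public static ServiceHost StartService()
    {
        var host = new ServiceHost(typeof(Service1), BaseAddress);
        host.AddServiceEndpoint(typeof(IService1), MakeBinding(), "");
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, CertSubject);
        host.Open();
        return host;
    }

    // Client side. The DNS identity takes the place of the <identity> element the post
    // removes: it must match the certificate subject or WCF rejects the service credential.
    public static string CallService(X509CertificateValidationMode mode)
    {
        var address = new EndpointAddress(BaseAddress, EndpointIdentity.CreateDnsIdentity(CertSubject));
        var factory = new ChannelFactory<IService1>(MakeBinding(), address);
        var auth = factory.Credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = mode;
        // PeerTrust accepts only certificates present in the Trusted People store of
        // TrustedStoreLocation, which is where Step 2 puts the self-signed certificate.
        // X509CertificateValidationMode.None, as in the post, would accept any certificate.
        auth.TrustedStoreLocation = StoreLocation.CurrentUser;
        auth.RevocationMode = X509RevocationMode.NoCheck;   // a self-signed cert publishes no CRL
        IService1 proxy = factory.CreateChannel();
        try { return proxy.GetData(42); }
        finally { ((IClientChannel)proxy).Close(); factory.Close(); }
    }

    public static void Main()
    {
        using (ServiceHost host = StartService())
        {
            Console.WriteLine(CallService(X509CertificateValidationMode.PeerTrust));
        }
    }
}
```

Run it from an elevated prompt (or first reserve the URL with netsh http add urlacl), because http.sys only lets administrators listen on an arbitrary HTTP address. Passing X509CertificateValidationMode.None to CallService reproduces the post's client setting; passing PeerTrust with the certificate removed from Trusted People makes the call fail with a SecurityNegotiationException, which is the check a production client should keep.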
http://pratapreddypilaka.blogspot.in/2011/10/wcf-implementing-message-level-security.html