Configure message ProtectionLevel in WCF
On to client and service security in WCF. You can set the protection level of messages sent over the wire at the message, fault, operation and/or service level in WCF. There are three message...
CIA Triad and the Fundamentals of Computer Security
Just a pointer to dust off some of the key principles of system security. The CIA Triad is an industry standard security model developed to help us think about important aspects of the security of our...
How To Install Test Certificate for WCF SSL Transport
It took me some time to figure this out. For a secure message transport we need a Secure Sockets Layer (SSL) Certificate from a Trusted Root Certification Authority like Symantec VeriSign. For...
Using SSL Transport Security with WCF BasicHttpBinding
If you create a BasicHttpBinding endpoint in WCF, by default neither messages nor transport is secure. Anyone snooping on the wire can read along. An easy way to secure communication over HTTP is...
WCF Message Security with Windows Credentials on NetTcpBinding
In a previous example I configured the EchoService to use transport security for BasicHttpBinding. Only the transport pipe is secured in this case. If point-to-point security isn’t secure enough, we...
How to Impersonate a Windows Client on a WCF Service
The previous example showed how to configure message-based security with Windows authentication. So we know which user is calling our service operations. But what can the user do on our system? On...
Windows Authorization in WCF with PrincipalPermission
In the previous example we impersonated a Windows user on a service operation. With the PrincipalPermission attribute we can also provide role-based security. To test this on the...
Using SQL Membership Provider with SQL Azure
Setting up the SQL Membership Provider with SQL Azure is easy. In fact there’s really not much of a difference with the usual setup. Our SQL database lives in the cloud, and that’s about it. So let us...
Using a Shared Access Signature to Access a Blob on Azure
Windows Azure Blob Storage is a great place to store large files, as we saw in the previous example. But what if we wanted to control who sees what and when? One convenient way of doing this is by...
Create a Secure Password Hash with BCrypt
Right off the bat: there’s no such thing as a secure password hash. But we can make an attacker’s life harder if we try. For years we used (and sometimes still use) algorithms like MD5, SHA-1, SHA-256,...
Simple Claims based Identity in .NET 4.5
For years we used the Identity and Principal with role-based security constructs built into the .NET Framework like WindowsIdentity and GenericIdentity. Today’s systems are getting more and more...