RE: WCF SOAP Router Including Credentials
- From: Jimmer <Jimmer@xxxxxxxxxxxxxxxx>
- Date: Mon, 26 Nov 2007 03:04:01 -0800
Steven, thanks for the reply.
From your descrpition, you're using the WCF "Intermediary Router" feature
and currently wondering how to apply security on the messages transfered in
router scenario, correct?
Correct. The router should just forward the message from the client
including the clients security headers. The way I've got it working at the
moment is to implement a custom credentials validator on the router and store
the password (encrypted). These credentials are then used to create a channel
to the destination service for every operation call per user! This could be
improved by having one channel per destination service which is user
agnostic. The channel could then be reused without the overhead of creating a
channel every time an operation is called on the router.
BTW, as you mentioned SSL, are you using https/ssl for transport security?
If so, this is certainly supported only in port to port case, you can not
establish ssl/https connecction across multiple nodes(client, router and
server).
Yea, I've got certificates everywhere!! The router server has its own
certificate and the destination server has its own certificate. IIS on the
DMZ and self hosted on the destination server. The external service consumers
are only aware of the router address in an attempt to shield the domain
environment.
Any information on a better way forward will be well received!
Thanks,
Jimmer
"Steven Cheng[MSFT]" wrote:
Hi Jimmer,.
From your descrpition, you're using the WCF "Intermediary Router" feature
and currently wondering how to apply security on the messages transfered in
router scenario, correct?
As for the message routering in WCF, I think it is a XML Webservice/SOAP
specific feature introducted from the WSE 3.0. WSE 3.0 also support message
routering and for security, it is implemented in the following means:
** security header directly forwarded from client to server(ignore the
intermediate router) is not supported
** you need to configure the security assertion(policy) for message
transfering between
1) client <-----> router and 2) router <-----> server
So far, I haven't find any confirmation on the WCF which also support this
kind of security setting. I'll perform some further research to see whether
this kind of security is also supported in WCF.
BTW, as you mentioned SSL, are you using https/ssl for transport security?
If so, this is certainly supported only in port to port case, you can not
establish ssl/https connecction across multiple nodes(client, router and
server).
I'll update you if I get any more information on this.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: =?Utf-8?B?SmltbWVy?= <Jimmer@xxxxxxxxxxxxxxxx>
Subject: WCF SOAP Router Including Credentials
Date: Sun, 25 Nov 2007 11:30:00 -0800
Hello,
I've been trying to create a WCF SOAP Router Service that can forward not
just the message body but also any security headers set by the originator
of
the message. The destination service I'm routing messages to uses
WSHttpBinding, SSL with UserName/Password client credentials. Using
guidance
from the Technology samples I can create a router that forwards messages
without security credentils but not with them. Can anybody point me in the
right direction... should I be creating a custom channel to handle this? or
is there a bundle of framework classes I should use?
Deployment scenario : Consumer connects to a router service on a DMZ (Out
of
Domain). The router service is unable to authenticate the users of the
service. Router determins the correct destination service and forwards SOAP
message + security credentials. Destination service impersonates consumer
and
replys to the message.
Any help or guidance would be appreciated!
Thanks,
Jimmer
- Follow-Ups:
- RE: WCF SOAP Router Including Credentials
- From: Steven Cheng[MSFT]
- RE: WCF SOAP Router Including Credentials
- References:
- WCF SOAP Router Including Credentials
- From: Jimmer
- RE: WCF SOAP Router Including Credentials
- From: Steven Cheng[MSFT]
- WCF SOAP Router Including Credentials
- Prev by Date: RE: WCF SOAP Router Including Credentials
- Next by Date: How dynamically configure a webservice address?
- Previous by thread: RE: WCF SOAP Router Including Credentials
- Next by thread: RE: WCF SOAP Router Including Credentials
- Index(es):
Relevant Pages
|
Loading
