RE: WCF SOAP Router Including Credentials
- From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
- Date: Fri, 30 Nov 2007 03:43:20 GMT
{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\lang2052\f0\fs20 Hi Jimmer,
\par
\par After some further discussing with some other engineers, I'm afraid there hasn't a direct means to make those security assertion flow from client to backend(bypass the intermedate router). The reasonable way is to implement security assertion on both stages(client <---> router and router <---> server).
\par
\par Sincerely,
\par
\par Steven Cheng
\par
\par Microsoft MSDN Online Support Lead
\par
\par
\par This posting is provided "AS IS" with no warranties, and confers no rights.
\par
\par \pard\li720 --------------------
\par
\par Content-Transfer-Encoding: 7bit
\par From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
\par Organization: Microsoft
\par Date: Wed, 28 Nov 2007 04:16:46 GMT
\par Subject: RE: WCF SOAP Router Including Credentials
\par
\par Sure. I am currently discussing with some other WCF engineers to see whether they have any suggestion on this. Will keep you update.
\par
\par Sincerely,
\par
\par Steven Cheng
\par
\par Microsoft MSDN Online Support Lead
\par
\par
\par This posting is provided "AS IS" with no warranties, and confers no rights.
\par
\par \pard\li1440 --------------------
\par From: =?Utf-8?B?SmltbWVy?= <Jimmer@xxxxxxxxxxxxxxxx>
\par References: <ABB82F21-9CFC-4EC3-8F56-2141EE674D70@xxxxxxxxxxxxx> <bYNmrb#LIHA.6908@xxxxxxxxxxxxxxxxxxxxxx>
\par Subject: RE: WCF SOAP Router Including Credentials
\par Date: Mon, 26 Nov 2007 03:04:01 -0800
\par
\par
\par Steven, thanks for the reply.
\par
\par > From your descrpition, you're using the WCF "Intermediary Router" feature
\par > and currently wondering how to apply security on the messages transfered in
\par > router scenario, correct?
\par
\par Correct. The router should just forward the message from the client
\par including the clients security headers. The way I've got it working at the
\par moment is to implement a custom credentials validator on the router and store
\par the password (encrypted). These credentials are then used to create a channel
\par to the destination service for every operation call per user! This could be
\par improved by having one channel per destination service which is user
\par agnostic. The channel could then be reused without the overhead of creating a
\par channel every time an operation is called on the router.
\par
\par > BTW, as you mentioned SSL, are you using https/ssl for transport security?
\par > If so, this is certainly supported only in port to port case, you can not
\par > establish ssl/https connecction across multiple nodes(client, router and
\par > server).
\par
\par Yea, I've got certificates everywhere!! The router server has its own
\par certificate and the destination server has its own certificate. IIS on the
\par DMZ and self hosted on the destination server. The external service consumers
\par are only aware of the router address in an attempt to shield the domain
\par environment.
\par
\par Any information on a better way forward will be well received!
\par
\par Thanks,
\par
\par Jimmer
\par
\par
\par "Steven Cheng[MSFT]" wrote:
\par
\par > Hi Jimmer,
\par >
\par > From your descrpition, you're using the WCF "Intermediary Router" feature
\par > and currently wondering how to apply security on the messages transfered in
\par > router scenario, correct?
\par >
\par > As for the message routering in WCF, I think it is a XML Webservice/SOAP
\par > specific feature introducted from the WSE 3.0. WSE 3.0 also support message
\par > routering and for security, it is implemented in the following means:
\par >
\par > ** security header directly forwarded from client to server(ignore the
\par > intermediate router) is not supported
\par >
\par > ** you need to configure the security assertion(policy) for message
\par > transfering between
\par > 1) client <-----> router and 2) router <-----> server
\par >
\par > So far, I haven't find any confirmation on the WCF which also support this
\par > kind of security setting. I'll perform some further research to see whether
\par > this kind of security is also supported in WCF.
\par >
\par > BTW, as you mentioned SSL, are you using https/ssl for transport security?
\par > If so, this is certainly supported only in port to port case, you can not
\par > establish ssl/https connecction across multiple nodes(client, router and
\par > server).
\par >
\par > I'll update you if I get any more information on this.
\par >
\par > Sincerely,
\par >
\par > Steven Cheng
\par >
\par > Microsoft MSDN Online Support Lead
\par >
\par >
\par >
\par > ==================================================
\par >
\par > Get notification to my posts through email? Please refer to
\par > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
\par > ications.
\par >
\par >
\par >
\par > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
\par > where an initial response from the community or a Microsoft Support
\par > Engineer within 1 business day is acceptable. Please note that each follow
\par > up response may take approximately 2 business days as the support
\par > professional working with you may need further investigation to reach the
\par > most efficient resolution. The offering is not appropriate for situations
\par > that require urgent, real-time or phone-based interactions or complex
\par > project analysis and dump analysis issues. Issues of this nature are best
\par > handled working with a dedicated Microsoft Support Engineer by contacting
\par > Microsoft Customer Support Services (CSS) at
\par > http://msdn.microsoft.com/subscriptions/support/default.aspx.
\par >
\par > ==================================================
\par > \tab
\par >
\par > This posting is provided "AS IS" with no warranties, and confers no rights.
\par >
\par > --------------------
\par > From: =?Utf-8?B?SmltbWVy?= <Jimmer@xxxxxxxxxxxxxxxx>
\par > Subject: WCF SOAP Router Including Credentials
\par > Date: Sun, 25 Nov 2007 11:30:00 -0800
\par >
\par >
\par > Hello,
\par >
\par > I've been trying to create a WCF SOAP Router Service that can forward not
\par > just the message body but also any security headers set by the originator
\par > of
\par > the message. The destination service I'm routing messages to uses
\par > WSHttpBinding, SSL with UserName/Password client credentials. Using
\par > guidance
\par > from the Technology samples I can create a router that forwards messages
\par > without security credentils but not with them. Can anybody point me in the
\par > right direction... should I be creating a custom channel to handle this? or
\par > is there a bundle of framework classes I should use?
\par >
\par > Deployment scenario : Consumer connects to a router service on a DMZ (Out
\par > of
\par > Domain). The router service is unable to authenticate the users of the
\par > service. Router determins the correct destination service and forwards SOAP
\par > message + security credentials. Destination service impersonates consumer
\par > and
\par > replys to the message.
\par >
\par > Any help or guidance would be appreciated!
\par >
\par > Thanks,
\par >
\par > Jimmer
\par >
\par \pard\li720
\par
\par \pard
\par
\par }
- References:
- WCF SOAP Router Including Credentials
- From: Jimmer
- RE: WCF SOAP Router Including Credentials
- From: Steven Cheng[MSFT]
- RE: WCF SOAP Router Including Credentials
- From: Jimmer
- RE: WCF SOAP Router Including Credentials
- From: Steven Cheng[MSFT]
- WCF SOAP Router Including Credentials
- Prev by Date: msdiscocodegenerator failed when update web reference in vs2008 for smart device application
- Next by Date: Consume multiple web services Async
- Previous by thread: RE: WCF SOAP Router Including Credentials
- Next by thread: How dynamically configure a webservice address?
- Index(es):
Relevant Pages
|
