Re: WCF Message Security Problem



Hi again,

Ok with a LOT of fiddling around with certificates and security
permissions the problem appears to have been resolved. Kind of ;) I
have message security working but it will only work if I set the
clients certificate validation mode to None:

<authentication certificateValidationMode="None" />

Any thoughts would be appreciated if I set the mode to
PeerOrChainTrust I experience the same faulting channel as before.

Another question....

If the username and password authentication fails the clients channel
simply faults. Security exceptions appear to be thrown very early on
in the pipeline before and thus my custom error handlers don't get
installed in time (IErrorHandler). I find it slightly annoying that I
can't determine the cause of this on the client but I can understand
that lack of information here makes the service more secure.
Determining on the client whether it is an authentication problem or a
communications error is a bit of a pain but I can work around this by
having a separate authentication service to handle login verification
etc.

Regards,
Mark
.



Relevant Pages

  • RE: IAS server blues (Cant get 802.1x to work)
    ... clients. ... and it appears that the certificates are deploying correctly. ... Proxy-Policy-Name = Use Windows authentication for all users ... IAS Log Sample ...
    (microsoft.public.windows.server.general)
  • Re: Weird IAS error with EAP-TLS
    ... computer certificates to authenticate Wireless clients a while back. ... NT-SAM Authentication handler received request for TEST\LAPTOP$. ...
    (microsoft.public.internet.radius)
  • Re: Large-scale 1-1 NAT
    ... gateway and send them the security team. ... between clients and public IPs, why do you need the NAT at all. ... this to save public IPs by NOT giving them to unauthenticated users? ... only allocate the device a public AP after authentication has occured. ...
    (freebsd-net)
  • Re: Basic directory security question
    ... Will the Integrated Windows Authentication allow internet users ... to pass a user name and password for an account local to the server (with ... Also, in the IIS MMC, on the security tab, ... > certificates that will work, but the user will get a popup message ...
    (microsoft.public.inetserver.iis.security)
  • Re: Stronger password based HTTP client authentication?
    ... > That is as far as the SSL authentication goes. ... Well, SSL is able to authenticate the clients, too, with client X.509 ... it is not always feasible to distribute certificates to clients. ...
    (comp.security.misc)