I have a WCF service using wsHttpBinding and Windows Authentication hosted in an intranet environment.
Currently I am trying to host that service into Azure VM. Service is not able to authenticate as it is outside local domain.
Please let me know the steps or rather the configuration, I would need for achieving Windows Authentication. IIS configuration WCF web.config configuration etc.
There is a wealth of information at http://azure.microsoft.com/en-us/documentation/services/active-directory/
If you want to using your domain login's. There are a few approaches to doing this depending on your requirements and this documentation is very good in guiding you to the right solution.
Related
I had developed an Azure WEB Application and published in Azure Web Services.
I need to restrict an access through internet and allow only to INTRANET.
Azure web app service is publicly accessed through the Internet. If you want to restrict an access through the internet and allow only to Intranet. You can put the Azure web app service in an Internal Azure App Service Environment so that this Web App isn't publicly accessible as it is sitting in a subnet inside a Virtual Network and it isn't exposed to the internet. Also, The Azure app service can communicate with the on-premise environment via VPN. For more ref: Networking considerations for an App Service Environment
However, the Isolated ASE is expensive. If you want it cheap and simple and the Web App does not need to access on-prem resources. You can put an IP restriction in the web.config or use AD authentication. Refer to this.
I've setup an Asp.Net Core 2.0 application following the guide here
The goal is to enable Windows Authentication. I've enabled NTLM and Negotiate. I'm working (and will update) on testing Kerberos and Basic as well, but I fear I might not get the automatic sign-in that negotiate brings.
The application works correctly, and when hosted on Service Fabric I can access it directly from the server IP and port. Windows authenticates correctly, everyone is happy, birds are singing, rainbows appear in the sky... its great.
However, when I try to access the application via the Service Fabric Reverse Proxy service, I hit a wall. My browser prompts me for credentials, and will not accept anything that I pass into it.
I fear this may be a limitation of the built in reverse proxy, but this is something so common that its hard to believe that to be the case.
Is there a way to enable pass-through Windows authentication for the built in proxy?
Note: This is not hosted in Azure, but on premises.
Update: Enabling Basic Authentication and Kerberos didn't help either. Basic authentication actually further complicated the issue. With just Basic authentication enabled, I got repeated 401s, even when connecting directly to the service.
I'm new to azure, and I'm trying to setup a single page website(web api 2). How can I limit access to my services so only my website can use it?
I know that I can use app services to setup my web applications/services but as far as i understand it will be open to everyone.
I also read about APIs, but Api management service seems very expensive and advanced for such a simple task. Is there any options? Am I in the wrong track?
Update
Ok, I saw the link for filtering based on IP. But as I've mentioned that single page application also is hosted on Azure. There is no static IP. If that is the way, I still need to know how you will find out about the IPRange.
App Service to use different authentication providers Azure Active Directory,Facebook,Google,Microsoft,Twitter.
We can set any type of Authentication/Authorization in the Azure Portal.More info about how to use authentication for API Apps in Azure App Service, please refer to document.
My scenario is that I have to expose some API over WCF to third party clients. I wanna use the most secure option. Ideal solution would be making a windows account for each client in my server active directory and letting them access the service with Transport & Message security and Client credentials username. So I could ask the client to provide username and password and use windows group policy to role base authorization.
Since this is an internet facing WCF service, I'm not sure I could use windows accounts??? Should I be using database solution to manage usernames, pwd and roles?
Should be able to consume from .NET clients as well as Java clients. Third party clients could be anything that can consume soap.
What's the best security option to this scenario? VPN is not an option as this totally should go over internet. Your help is very much appreciated.
It sounds like what you need is some kind of a token based authentication setup. Microsoft seems to publish the best material in the game for this kind of thing. You can find their articles here and pick the scenario of security that most closely matches your needs:
Microsoft WCF Security
you can use ASP.net membership with form authentication for your service.
using windows authentication for internet facing service is not a good idea.
for more information:
How to: Enable the WCF Authentication Service
Windows Communication Foundation Authentication Service Overview
Securing WCF with Forms Authentication
I am starting development of the new project and since I am new in the WCF world I want to ask your advice.
I am going to implement web-service which will provide data for WPF client and for ASP.NET site. Web site and web service should be hosted in the Windows share hosting (not didicated server) and this fact is bothering me. WPF client and web site will provide almost the same functionality for the user, so I want to implement all logic inside web service not to duplicate it in the client and web site.
Not sure what is the best way to implement such web-service - REST, SOAP or something else? Please, help me with selecting technology for web-service creation, I just want to get direction for optimal solution. 10x.
Update: Sorry I did not wrote details. Service will be something like on-line shop with admin panel, so web service will be used for getting products and for adding new product to the system. It does not support tons of customers, it's just solution for small web-shops.
since you are developing a Web based solution and a WPF client, i would recommend the following options for your WCF services:
REST Option - This option is good if you have some complex Ajax architecture on the client using Json and stuff, or if you want to expose your services publicly. In this case the option is to expose an HTTP endpoint using webHttpBinding on your service. Since your deployment will be on a shared web server, you can host your service inside IIS. I would recommend considering a SSL option for security.
Soap Option - This options is the easy one, and should be more familiar to most developers, since it acts like a usual web service. In this case i would use an HTTP endpoint with wsHttpBinding on the service for enhanced security. Since your deployment will be on a shared web server, you can host your service inside IIS. I would recommend considering a SSL option for security.
Whatever solution you choose you will be able to accomplish your goal to have simple SOA architecture in place and will have centralized services for your CRUD operations.
I hope this answered your question.