I'm looking for a way to secure my WCF service using http and simple username-password authentication, without using certificates.
The service is consumed by an Android device so I can't use the .NET Proxy generated classes.
I've read about basic HTTP authentication but haven't found an easy way to implement this method.
Have you tried using the MSDN custom Username/Password validator for WCF? It relies on the serviceCredentials configuration and implementing a UsernamePasswordValidator.
I've found ASP.NET Web API, seems like a better solution for REST-based Services than WCF.
Related
I need to authenticate APP "A" according to APP "B" authorizations, using an existent and available login method. Just checking username and password, no token, no certificate. Basic auth.
I do not control any of that app, so I manage to create a web service to intermediate communications.
I am quite new to this, so I have starting reading about it. I have ended up some simple examples using WCF to perform it. I'm using c#.
Should I do it using WCF? What should be (conceptually) my approach?
You can do anything you want from a WCF service, as long as you keep the constraints of running as a Windows Service (either directly or through IIS) in mind.
So yes, you can just use HttpClient or RestSharp to talk to the REST API from your WCF code.
I'm developing WCF Rest JSON service for Android and IOS Mobile apps. I need to provide some security to this..I gone through many Articles but most of them using Certificates.. Could anyone suggest which is the best and built in way to secure the service..
I would recommend the use of OAuth (Since you are on multiple mobile platforms).
It does not use user/password authentication, you instead include OAuth inside the HTTP header.
Here is documentation and sample implementations;
http://blogs.msdn.com/b/odatateam/archive/2011/01/20/oauth-2-0-and-odata-protecting-an-odata-service-using-oauth-2-0.aspx
http://www.codeproject.com/Tips/372422/Secure-WCF-RESTful-service-using-OAUTH
http://www.codeproject.com/Tips/817102/Consuming-OAUTH-Enabled-Restful-WCF-Service-using
I have an old SOAP api that uses an ASMX endpoint, will Azure API Management be able to recognize and interface with it?
There are more people interested in this feature: feedback.azure.com. This is currently not supported however.
Support for pass-through SOAP endpoints was added recently: https://azure.microsoft.com/en-us/updates/general-availibility-azure-api-management-soap-pass-through/
SOAP-to-REST scenarios are also possible using policies: https://blogs.msdn.microsoft.com/apimanagement/2016/12/14/soap-to-rest/
I have a c# project that exposes services via WebApi and also via WCF. It works under IIS.
Now I need to offer it as self host solution.
I cannot find documentation about Owin and how to expose WCF services.
Does OWin support WCF?
I think the question should be the other way around. Does WCF support OWIN?
As I understand, OWIN offers the infrastructure needed to abstract away the web server. However, whatever framework you want to use on it must have an OWIN implementation, which I think WCF does not.
Nonetheless, you can still offer a self hosted application using OWIN or WebApi SelfHost for WebApi combining with a Self Hosted solution for the WCF as described in the documentation for WCF -> http://msdn.microsoft.com/en-us/library/ee939340.aspx
WCF is not supported on OWIN at this point of time. Owin.org > Projects has information on the supported frameworks on OWIN.
I used to deal with web services and we secured it using the credential header with soap. The calling application would need to pass a username and password in the credential header. We are now looking at using a WCF restful based webservice and want to secure it. Wondering what the best way to secure it is?
I was thinking that I could stuff a username and password in the POST variables (this thats what they are called). But is this the proper way to secure a restful web service?
This link describes how to use WCF with WS-Security.
This link describes what WS-Security is.
This link describes the architecture of the WCF security component.
Not sure if you can combine those with REST but know that HTTP has an authentication mechanisms of it's own (See Basic authentication and Digset authentication and this overview about both).
The RESTful way to do it imo would be using the HTTP authentication.
I think you have some research to be done :)