Zuker On Foundations - All Comments

re: ClickOnce Deployment w/ Prerequisites in IIS

Tom Willwerth — Mon, 25 Aug 2008 16:41:10 GMT

Thanks for posting! This solved the issue in my environment as well.

re: WCF - Creating a certificate

Jimmy — Fri, 01 Aug 2008 16:25:01 GMT

Thanks for the tip.

re: Managing Multiple Configuration File Environments with Pre-Build Events

Schalk — Tue, 15 Jul 2008 16:16:19 GMT

For interest sake, have a look at how Castle Windsor does this using XML processing instructions in the config file - a different way of doing things...

www.castleproject.org/.../defines.html

<?define DEBUG?>

<?if DEBUG?>

<component

id="my.component"

service="Namespace.IService, AssemblyName"

type="DebugVersion, AssemblyName" />

<?elsif STAGE?>

<component

id="my.component"

service="Namespace.IService, AssemblyName"

type="DebugVersion, AssemblyName" />

<?elsif PRODUCTION?>

<component

id="my.component"

service="Namespace.IService, AssemblyName"

type="DebugVersion, AssemblyName" />

<?else?>

<component

id="my.component"

service="Namespace.IService, AssemblyName"

type="DebugVersion, AssemblyName" />

<?end?>

</components>

<?undef DEBUG?>

</configuration>

re: Enum - Working with [Flags]

joeyw — Thu, 19 Jun 2008 22:04:37 GMT

Cool, may be more effecient to use

1 << (int)DayOfWeek.Tuesday.

instead of pow.

re: WCF Visualizers

Dan — Thu, 12 Jun 2008 03:30:01 GMT

Thanks,

Very cool tool.

re: WCF Security - UserName Over TCP Transport

zuker — Sun, 08 Jun 2008 07:20:28 GMT

Hi KJQ,

If I understand you correctly, you are talking about security delegation / cascading matters.

The flow as I understand is as follows:

Client --> Service A --> Service B

What is the security configuration for both Service A and Service B?

When you say Service A is an AspNet service, do you mean it is mapped to the aspnet roles store? (configured with Username authentication and aspnet roles authorization)

What is Service B configured with? If it is the native form of Tcp Binding, it is configured to accept windows tokens.

If that is the case, you have 2 services configured with different authentication.

This is a problem, because Service A will not have a Windows principal if it configured so, when calling Service B from the context of Service A, there wouldn't occur delegation in this case.

You could perform impersonation in Service A, but you would have to match a windows account for each username detail, plus you would have to know its password.

You should determine the following -

1) - Could the security configuration be matched between the services?

- Perhaps add another authentication mode to Service B which would support Username as well.

- Use Claims-Based security.

2) - Perhaps implementing a STS, trusting it in all services, some sort of WS-Trust

3) - Impersonate an appropriate windows account when calling Service B.

4) - Determine the best technical way to perform the security token delegation between services.

re: WCF Security - UserName Over TCP Transport

KJQ — Sun, 01 Jun 2008 13:58:41 GMT

Almost...what i have is the following:

1) Public client makes call to a service (ServiceA) using public endpoint (wsHttp) and AspNet. Client and server config matches.

2) From within the service (ServiceA) I want to call another service (ServiceB) that exposes an endpoint for internal use only (TCP or Pipes).

The issue I have been having is cascading the credentials from the AspNet (ServiceA) invocation to ServiceB. At the point when I am in ServiceA I have the Principal. Now what I want to do is call another service from that service and cascade those credentials over. I don't need to necessarily secure the inner-service (ServiceB) just carry the Principal over.

In summary, I want to make service-to-service calls similar to how I make public-to-service calls.

Thanks.

re: ClickOnce Deployment w/ Prerequisites in IIS

Assaf — Wed, 28 May 2008 08:55:34 GMT

Cool!

re: WCF Security - UserName Over TCP Transport

zuker — Wed, 21 May 2008 17:00:29 GMT

Hi KJQ,

There is a sample in the SDK which is called 'Trusted Facade' (usually at C:\Program Files\Microsoft SDKs\Windows\v6.0\Samples\WCFSamples\TechnologySamples\Scenario\TrustedFacade\CS)

The sample illustrates this concept.

As I understand from you,

Th client's endpoint is configured using a wsHttpBinding and the service is configured to use tcp protocol?

In this case you will experience problems and the communication will not work.

The bindings between the client and server must match.

re: WCF Security - UserName Over TCP Transport

KJQ — Wed, 21 May 2008 16:32:53 GMT

This looks like exactly what i have been trying to do except the only difference is I have a wsHttp endpoint calling a tcp service and want to pass the credentials over to that.

Is there a source code sample for this?

Thanks.

KJQ