Friday, October 8, 2010

How to implement security in WCF service

There are three types of security in WCF:
1. Message-level security
2. Transport-level security
3. TransportWithMessageCredential

Here we see how to implement message-level security in a WCF service:


Step 1:
In the WCF service project, create a class named "CustomUserNameValidator" that inherits from "System.IdentityModel.Selectors.UserNamePasswordValidator".

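using System.IdentityModel.Selectors;
using System.ServiceModel;

namespace WcfService1
{
    public class CustomUserNameValidator : UserNamePasswordValidator
    {
        // WCF calls this for the user name/password presented by the client.
        public override void Validate(string userName, string password)
        {
            // Demo credentials are hard-coded for this walkthrough.
            // Reject unless both the user name and the password match.
            if ((userName != "arindam") || (password != "acpass"))
                throw new FaultException("Invalid credentials");
        }
    }
}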

Step 2:
Add the following tags to your host web.config file
================================================
<services>
  <!-- behaviorConfiguration must match the name of the behavior defined below -->
  <service behaviorConfiguration="WCFSampleServiceBehaviors"
           name="ETG.Base.Applications.EClinic.Services.DoctorService">
    <!-- bindingConfiguration attaches the Message security binding defined below -->
    <endpoint address="http://localhost:50219/DoctorService.svc" binding="wsHttpBinding"
              bindingConfiguration="WCFSampleServiceBinding"
              contract="ETG.Base.Applications.EClinic.Services.ServiceDefination.IDoctorService">
      <identity>
        <dns value="localhost" />
      </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="WCFSampleServiceBehaviors">
      <serviceMetadata httpGetEnabled="true" />
      <!-- The tag below returns exception details to the client; use it for debugging only and set it to false in production -->
      <serviceDebug includeExceptionDetailInFaults="true" />

      <!-- The tag below lets the service use the custom validator; message security with UserName credentials also requires a service certificate -->
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WcfService1.CustomUserNameValidator,WcfService1" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

<bindings>
  <wsHttpBinding>
    <binding name="WCFSampleServiceBinding">
      <security mode="Message">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Now we are done with the service-side implementation of message-level security. Run the service and make sure it runs properly.

The next step is to see how we can access the WCF service with the right credentials, and what error message we get if the credentials are wrong.

Open your existing ASP.NET project or create a new one, add the service reference, and open the web.config file. You should see that the service reference has been added in the <system.serviceModel> section.

We are just one step away from testing.

Step 3:

Now set the credentials on the service client class this way:

    DoctorServiceClient dClient = new DoctorServiceClient();
    dClient.ClientCredentials.UserName.UserName = "arindam";
    dClient.ClientCredentials.UserName.Password = "acpass";

    dClient.CallMyMethod();

This should work fine. To test the credential check, change the user name or password; you should get the error message thrown by the service.

Now we see how to create a certificate.

Go to the Visual Studio Command Prompt.


Go to the working directory:

    CD E:\Projects\RND2\ETG.CRM2.MVC

Run the following command:

    makecert -n "CN=RootCRMWCF" -r -sv RootCRMWCF.pvk RootCRMWCF.cer

A window will appear and ask for a password.

Set a password such as “crmpass123” (as you like).

Now check your working folder; you will see that one certificate (.cer) file and one .pvk file have been created.

 
========
How to create certificate on local machine
http://msdn.microsoft.com/en-us/library/ff648498.aspx


How to configure certificate on IIS 7
http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx
