Click here to Skip to main content
Click here to Skip to main content

Tagged as

Selfhosted Secure WCF by Id password, custom validation

, 16 Jul 2014 CPOL
Rate this:
Please Sign up or sign in to vote.
No config file needed – all setting in code only, No IIS – Self hosted, consume by channel factory

Introduction

Selfhosted Secure WCF Custom validation, No config file needed – all setting in code only, No IIS – Self hosted, consume by channel factory

 

Background

I recently came in situation where I need to make Secure WCF POC in environment where we don’t have IIS and we have only VS 2010 Express. And we need to create totally self dependent POC so no certificate.

The solution is to create self hosted WCF service use custom validation and consume it by using Channel factory. While create this POC I got some error then I started searching internet for similar kind of POC I got couple of them but most of them Is not in ready to run position like have only server side code or have only client or need to change something in app.config. 

 

WCF Server side 

 

Self hosted (console) WCF service,  Transport security (ID/Pwd) 

using System;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.IdentityModel.Tokens;
using System.IdentityModel.Selectors;
using System.Security.Principal;
using System.ServiceModel.Description;
 
namespace SecurWCFSelfHosting
{
    class Program
    {
        [ServiceContract]
        public interface IDemoService
        {
            [OperationContract]
            int Add(int x, int y);
        }
 
        public class DemoService : IDemoService
        {
           public int Add(int x, int y)
            {
                return x + y;
            }
        }

        static void Main(string[] args)
        {
        
            // This is a address of our service
            Uri httpUrl = new Uri("http://localhost:999/MyService/");
            //Create ServiceHost
            ServiceHost host = new ServiceHost(typeof(DemoService), httpUrl);
            
            /// Set behaviour of **binding**
            BasicHttpBinding http = new BasicHttpBinding();
            //1. set Mode TransportCredentialOnly = no httpS 
            http.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
            //2. Transport security Basic = user id and password
            http.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
            
             
            ///** Set behaviour of **host**
            //Add a service endpoint
            host.AddServiceEndpoint(typeof(IDemoService), http, "");
            host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
            host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new MyCustomValidator();
 
            // checking and publishing meta data
            ServiceMetadataBehavior smb = host.Description.Behaviors.Find<ServiceMetadataBehavior>();
            if (smb == null)
            {
                smb = new ServiceMetadataBehavior();
                smb.HttpGetEnabled = true;
                host.Description.Behaviors.Add(smb);
            }
            
            //Start the Service
            host.Open();
 
            Console.WriteLine(DateTime.Now.ToString()+" Service is host at " + httpUrl.ToString());
            Console.WriteLine("The service is running in the following account: {0}", WindowsIdentity.GetCurrent().Name);
            Console.WriteLine("Press <ENTER> to terminate service.");
            Console.ReadLine(); 
        }
    }
 
    public class MyCustomValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            //For Demo only here you can add logic to validate ID,Pwd in AD or DB
            if ((userName != "h") || (password != "p"))
            {
                throw new SecurityTokenException("Him:) Validation Failed!");
            }
            Console.WriteLine(DateTime.Now.ToString()+" Validation success for user :"+ userName);
        }
    }
}
 
 

 

Client side 

 

Consume in console apps, using channel factory 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.ServiceModel;
using System.ServiceModel.Description;
 
/// svcuti. @ C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin

namespace WCFConsumeByChannelFactory
{
    class Program
    {
        static void Main(string[] args)
        {
 
            EndpointAddress Serviceaddress = new EndpointAddress("http://localhost:999/MyService/");
 
            /// Set behaviour of **binding** Same setting as ##Server##
            BasicHttpBinding httpBinding = new BasicHttpBinding();
            httpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
            httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
            
            ChannelFactory<IDemoService> myChannelFactory =
                new ChannelFactory<IDemoService>(httpBinding, Serviceaddress);
            var defaultCredentials = myChannelFactory.Endpoint.Behaviors.Find<ClientCredentials>();
 
            //#1 IF this dosen not work then try #2
            myChannelFactory.Credentials.UserName.UserName = "h";
            myChannelFactory.Credentials.UserName.Password = "p";
 
            ///#2
            //ClientCredentials CC = new ClientCredentials();
            //CC.UserName.UserName = "h";
            //CC.UserName.Password = "p";
            // myChannelFactory.Endpoint.Behaviors.Remove(defaultCredentials); //remove default ones
            // myChannelFactory.Endpoint.Behaviors.Add(CC); //add required on

            // Create a channel.
            IDemoService wcfClient1 = myChannelFactory.CreateChannel();
 
            double s = wcfClient1.Add(73, 22);
            Console.WriteLine(s.ToString());
            ((IClientChannel)wcfClient1).Close();
 
            Console.ReadKey();
 
        }
    }
}
 
 

These all code is in attached zip file.

 

Points of Interest

While searching in internet i found this :How to: Call Operations Asynchronously Using a Channel Factory  http://msdn.microsoft.com/en-us/library/bb885132.aspx

Bindings Summary

 

http://wcfsecurityguide.codeplex.com/releases/view/15892 

 

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Himanshu Thawait
Technical Lead Cognizant
United States United States
Himanshu Thawait is from Pune INDIA, He is Currently Working with Cognizant. As a Technical Designer
 
Himanshu has more than 9+ yrs of experience in the IT industry working on Microsoft Technologies. He is involved in various project activities like designing the system and technical architecture,leading technical front and doing core development.He also has strong knowledge of Enterprise Business Application Domain.
 
Technical experience :C#, ASP.NET MVC 4 @Razor, WCF and Webservices, Biztalk 2010/2009/2006R2 with EDI(HIPPA).

Comments and Discussions

 
QuestionDoes this solution require the server hosting the WCF to be ran as Administrator? PinmemberMember 1095133817-Jul-14 9:38 
AnswerRe: Does this solution require the server hosting the WCF to be ran as Administrator? PinmemberHimanshu Thawait29-Jul-14 5:14 
QuestionQuestion regarding Security Mode ? PinmemberTridip Bhattacharjee16-Jul-14 22:49 
AnswerRe: Question regarding Security Mode ? PinmemberHimanshu Thawait29-Jul-14 5:17 
Questionsource code file link broken PinmemberTridip Bhattacharjee16-Jul-14 22:31 
GeneralMy vote of 5 Pinmember76340180216-Jul-14 20:54 
GeneralMy vote of 5 PinmemberMember 327776027-May-13 23:47 
Questiondownload broken PinmemberMember 967590111-Dec-12 4:55 
cant download any of them,
 
and can you maybe help me i have a webservice which is opened constantly in background, i published him with
 
Type serviceType = typeof(MyService);
m_host = new ServiceHost(serviceType);
m_host.Open();
 
i want an https authentification with username and password only if someone actually invokes anything, not before opening it like you doing, or did i get it wrong?
AnswerRe: download broken PinmemberHimanshu Thawait11-Dec-12 5:41 
GeneralRe: download broken PinmemberRiana13-Jul-14 10:48 
GeneralRe: download broken PinmemberMember 1072351716-Jul-14 4:58 
AnswerRe: download broken PinmemberHimanshu Thawait16-Jul-14 11:57 
GeneralRe: download broken Pinmemberfredatcodeproject16-Jul-14 14:15 
GeneralMy vote of 4 PinmemberChristian Amado2-Aug-12 11:36 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.141223.1 | Last Updated 16 Jul 2014
Article Copyright 2012 by Himanshu Thawait
Everything else Copyright © CodeProject, 1999-2014
Layout: fixed | fluid