Derik Whittaker


Setting up WCF Server/Client configuration for Anonymous Access

If you have ever set up a set of WCF services and tried to have them communicate across physical machines, you know that out of the box this is not 'possible' due to security constraints. But it is 100% possible to set up your services to communicate in a purely 'open' manner, and in fact it is dead simple to do.  Now, before anyone starts jumping down my throat, I completely understand that setting up WCF to communicate in an 'anonymous' way with no direct security can be a bad thing, but there are times/situations where this is acceptable.

In order to set up clear/anonymous communication you need to make changes to both the service-side settings and the client-side settings.

First, let's take a look at what is needed on the service side.

-- Server settings --

<bindings>
  <wsHttpBinding>
    <binding name="Custom.WSHTTPBinding.Configuration"
             maxBufferPoolSize="655360"
             maxReceivedMessageSize="655360">
        <security mode="None"/>
    </binding>
  </wsHttpBinding>
</bindings>

<service behaviorConfiguration="Custom.ServiceBehavior"
  name="Custom.CommonEndpoints.Domain.Resources">
    <endpoint address=""
              binding="wsHttpBinding"
              name="Custom.WSHTTPBinding.Configuration"
              bindingConfiguration="Custom.WSHTTPBinding.Configuration"
              contract="Custom.CommonEndpoints.Domain.IResources">
        <identity>
            <dns value="localhost" />
        </identity>
    </endpoint>
    <!-- WE DO NOT WANT THIS TURNED ON FOR PRODUCTION
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
     -->
</service>

<behaviors>
  <serviceBehaviors>
    <behavior name="Custom.ServiceBehavior">
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>

What are the settings above telling you?

  1. We have a custom wsHttpBinding section. In this section the item to pay attention to is the <security mode="None"/> setting.  This tells WCF to send the data in clear text.
  2. For each of our services we have turned off the mex endpoint.  This will not allow our service to be discovered and have its metadata exchanged (we are using shared assemblies with our contracts).
  3. For each of our services we are using the custom wsHttpBinding section we created.
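
A quick way to check what a config like the one above actually exposes, as an added example that is not code from the original post: the script parses a `system.serviceModel` section and reports endpoints bound to `security mode="None"`, live mex endpoints, and the `serviceMetadata`/`serviceDebug` flags. The sample is a constructed, trimmed copy of the server settings with the `<services>` wrapper assumed; `audit_wcf_config` and the finding names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's server settings, trimmed and wrapped in the
# <system.serviceModel>/<services> elements a full config file would have.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <bindings><wsHttpBinding>
    <binding name="Custom.WSHTTPBinding.Configuration"><security mode="None"/></binding>
  </wsHttpBinding></bindings>
  <services><service behaviorConfiguration="Custom.ServiceBehavior"
                     name="Custom.CommonEndpoints.Domain.Resources">
    <endpoint address="" binding="wsHttpBinding"
              bindingConfiguration="Custom.WSHTTPBinding.Configuration"
              contract="Custom.CommonEndpoints.Domain.IResources"/>
    <!-- <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/> -->
  </service></services>
  <behaviors><serviceBehaviors><behavior name="Custom.ServiceBehavior">
    <serviceMetadata httpGetEnabled="true"/>
    <serviceDebug includeExceptionDetailInFaults="true"/>
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""


def audit_wcf_config(xml_text):
    """Return (finding, subject) pairs for settings that weaken a WCF service."""
    root = ET.fromstring(xml_text)
    findings = []
    # Bindings with <security mode="None"> send messages unencrypted and unauthenticated.
    open_bindings = {b.get("name") for b in root.iter("binding")
                     if b.find("security") is not None
                     and b.find("security").get("mode", "").lower() == "none"}
    for ep in root.iter("endpoint"):
        if ep.get("bindingConfiguration") in open_bindings:
            findings.append(("cleartext-endpoint", ep.get("contract")))
        if ep.get("contract") == "IMetadataExchange":  # live (uncommented) mex endpoint
            findings.append(("mex-endpoint", ep.get("address")))
    for beh in root.iter("behavior"):
        meta, debug = beh.find("serviceMetadata"), beh.find("serviceDebug")
        # httpGetEnabled publishes the WSDL over HTTP GET even without a mex endpoint.
        if meta is not None and meta.get("httpGetEnabled", "false").lower() == "true":
            findings.append(("metadata-http-get", beh.get("name")))
        # includeExceptionDetailInFaults returns exception details to callers.
        if debug is not None and debug.get("includeExceptionDetailInFaults", "false").lower() == "true":
            findings.append(("exception-detail-in-faults", beh.get("name")))
    return findings


if __name__ == "__main__":
    for finding, subject in audit_wcf_config(SAMPLE_CONFIG):
        print(f"{finding}: {subject}")
```

On the sample it reports the cleartext endpoint and also two settings that stay on with the mex endpoint commented out: `httpGetEnabled="true"` still publishes the WSDL over HTTP GET, and `includeExceptionDetailInFaults="true"` returns exception details to callers.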

Now that we have seen what is needed on the service side we need to take a look at what is needed on the client side.

-- Client settings --

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="Custom.WSHTTPBinding.Configuration"
                closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00"
                sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false"
                hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288"
                maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8"
                useDefaultWebProxy="true" allowCookies="false">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                <reliableSession ordered="true" inactivityTimeout="00:10:00"
                    enabled="false" />
                <security mode="None">
                    <transport clientCredentialType="Windows" proxyCredentialType="None"
                        realm="">
                        <extendedProtectionPolicy policyEnforcement="Never" />
                    </transport>
                    <message clientCredentialType="Windows" negotiateServiceCredential="true"
                        establishSecurityContext="true" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://SOMESERVERNAME:9997/Custom/Services/Resources"
            binding="wsHttpBinding" bindingConfiguration="Custom.WSHTTPBinding.Configuration"
            contract="IResources" name="Custom.WSHTTPBinding.Configuration">
            <identity>
                <dns value="localhost" />
            </identity>
        </endpoint>
    </client>
</system.serviceModel>

  1. We have another wsHttpBinding section, and again this section has its security mode set to None: <security mode="None"/>

Well, from the client’s perspective that was easy :)

As you can see, setting up WCF to allow clear communication is easy and pretty straightforward.  I do want to mention that you should ONLY do this if you know what you are doing and you are not exposing these services to the public.  Of course, if you are exposing these services to the public you MUST provide some layer of security on these services.

Till next time,


Posted 03-30-2010 6:52 AM by Derik Whittaker