Making a Silverlight WCF SOAP service secured with UserNameOverTransport work over HTTP for network architecture


I have a Silverlight 4 application that uses a WCF SOAP service. Authentication/authorization happens per call (quasi-RESTful). This is done using authenticationMode=UserNameOverTransport, which means that the username/password is sent in each WCF call, protected by the SSL encryption of each message. The great thing about this scheme is that I can configure the membership provider in web.config for authentication, making it flexible for different installations.

I have a client who wants to set up the website on a network where the scheme is: Internet <= SSL traffic => external-facing SSL-enabled forwarding server <= unsecured HTTP in the internal network => server that hosts the application. They assure me this is a common architecture, and I believe them, as I am not an experienced Internet application developer.

I am not sure about this, as the application is set up for an SSL-enabled server (UserNameWithTransport on SSL). In plain HTTP, I am not sure how I would get the username, which I need to provide user-specific application data. WCF does not provide a "UserNameWithNoTransport" authenticationMode, because that would mean sending the username/password in plain text, which is silly. Right now my server-side code gets the user from ServiceSecurityContext.Current.PrimaryIdentity.Name, knowing that the web server has taken care of the SSL encryption and user authentication. How can I have this work in a way that makes sense in the HTTP solution?

I would like a solution that allows me to configure the application to work in both the HTTP and HTTPS situations through web.config; if that is not possible, any other advice is appreciated. Thanks.

I will place a bounty on this question in a few days; if you give an answer before then, you'll get it.

Edit: here is the web config, as requested:

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />
  </configSections>

  <system.web>
    <pages controlRenderingCompatibilityVersion="4.0" clientIDMode="AutoID"/>
    <membership defaultProvider="sampleprovider">
      <providers>
        <add name="sampleprovider" type="mynamespace.nullmembershipprovider, mydll"/>
      </providers>
    </membership>
  </system.web>

  <appSettings>
    ...
  </appSettings>

  <system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
    <bindings>
      <customBinding>
        <binding name="binarycustombinding" sendTimeout="00:10:00">
          <security authenticationMode="UserNameOverTransport"/>
          <binaryMessageEncoding />
          <httpsTransport maxBufferSize="100000" maxReceivedMessageSize="100000" />
        </binding>
      </customBinding>
    </bindings>

    <services>
      <service name="mynamespace.myservice">
        <endpoint
          binding="customBinding" bindingConfiguration="binarycustombinding"
          name="myservice" contract="mynamespace.iservicecontract" />
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="">
          <serviceMetadata
            httpsGetEnabled="true"
            httpGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <userNameAuthentication
              userNamePasswordValidationMode="MembershipProvider"
              membershipProviderName="sampleprovider"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

  <log4net> ...
  </log4net>
</configuration>

Allowing UserNameOverTransport over HTTP is possible in .NET 4, but I think it is not possible in Silverlight. You need to set the allowInsecureTransport attribute of the security element:

<customBinding>
  <binding name="binarycustombinding" sendTimeout="00:10:00">
    <!-- allowInsecureTransport lets the username token travel over plain HTTP -->
    <security authenticationMode="UserNameOverTransport" allowInsecureTransport="true"/>
    <binaryMessageEncoding />
    <httpTransport maxBufferSize="100000" maxReceivedMessageSize="100000" />
  </binding>
</customBinding>

The problem is that allowInsecureTransport is not available in Silverlight. Without it you can't use a username token on an unsecured channel.
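
An added example, not part of the original question or answer: a Python audit that reads a web.config and reports, for each customBinding using UserNameOverTransport, whether the credentials travel under TLS or in cleartext on the internal HTTP hop. The sample config, its binding names and the function name `audit_bindings` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an HTTPS binding like the question's next to an HTTP one like the answer's.
SAMPLE_CONFIG = """<configuration>
  <system.serviceModel>
    <bindings>
      <customBinding>
        <binding name="httpsBinding">
          <security authenticationMode="UserNameOverTransport" />
          <binaryMessageEncoding />
          <httpsTransport />
        </binding>
        <binding name="httpBinding">
          <security authenticationMode="UserNameOverTransport" allowInsecureTransport="true" />
          <binaryMessageEncoding />
          <httpTransport />
        </binding>
      </customBinding>
    </bindings>
  </system.serviceModel>
</configuration>"""

def audit_bindings(config_xml):
    """Return {binding name: finding} for each customBinding carrying username tokens."""
    findings = {}
    root = ET.fromstring(config_xml)
    for custom in root.iter("customBinding"):
        for binding in custom.findall("binding"):
            security = binding.find("security")
            if security is None or security.get("authenticationMode") != "UserNameOverTransport":
                continue  # binding does not carry a username/password token
            insecure_ok = security.get("allowInsecureTransport", "false").lower() == "true"
            if binding.find("httpsTransport") is not None:
                finding = "ok: credentials protected by TLS"
            elif binding.find("httpTransport") is None:
                finding = "unknown: no http(s) transport element found"
            elif insecure_ok:
                finding = "warning: username/password cross this hop in cleartext"
            else:
                finding = "rejected: username token on http needs allowInsecureTransport"
            findings[binding.get("name")] = finding
    return findings

if __name__ == "__main__":
    for name, finding in audit_bindings(SAMPLE_CONFIG).items():
        print(f"{name}: {finding}")
```

A warning on the HTTP binding means the segment between the SSL-terminating forwarder and the application server has to be treated as trusted for credentials.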

