c# - wcf server authentication without certificates -


i have self-hosted wcf service nettcpbinding bindings. both servers , clients in same domain, i'd use windows authentication, i'd clients verify server credentials (to avoid internal man-in-the-middle/dns tampering attack). i've read way use spn, can't seem work; no matter spn set client works (i.e. server , client don't match, client connects anyway). i've got kind of configuration error, i'm not sure where. here service config server:

<system.servicemodel> <services>   <service name="aaaauthservice.aaaauthservice" behaviorconfiguration="aaaauthservicebehavior">     <endpoint address="" binding="nettcpbinding" bindingconfiguration="nettcpbinding_iaaaauth" contract="aaa.iaaaauthservice">       <!--       <identity>                     <serviceprincipalname value="aaashlkjhlkjjjjhhhhjjpn/justink-pc.sgasdf1.allamericanasphaltasdf.casdfom"/>       </identity>       -->     </endpoint>     <host>       <baseaddresses>         <add baseaddress="net.tcp://localhost:9000/iaaaauthservice"/>       </baseaddresses>     </host>     </service> </services> <behaviors>   <servicebehaviors>     <behavior name="aaaauthservicebehavior">       <servicethrottling maxconcurrentcalls="2147483647" maxconcurrentinstances="2147483647" maxconcurrentsessions="2147483647"/>       <servicedebug includeexceptiondetailinfaults="true"/>     </behavior>   </servicebehaviors> </behaviors> <bindings>   <nettcpbinding>     <binding name="nettcpbinding_iaaaauth" closetimeout="00:00:20" opentimeout="00:00:10" receivetimeout="00:00:10" sendtimeout="00:00:10" hostnamecomparisonmode="strongwildcard" maxconnections="2147483647">       <security mode="transport">         <transport clientcredentialtype="windows" protectionlevel="encryptandsign"/>         <message clientcredentialtype="windows"/>       </security>     </binding>   </nettcpbinding> </bindings>

the windows credentials seem passed in - operationcontext.current.serversecuritycontext.windowsidentity populated account information.

what missing here?


Comments

Post a Comment

Popular posts from this blog

jquery - Invalid Assignment Left-Hand Side -

i trying assign class tag via jquery, resulting in error through firebug says "invalid assignment left-hand side" on fourth line below. <cfoutput> $('.pngfix a').each(function(index) { var hreflink = $(this).attr("href"); if (hreflink.tolowercase() = '../audio.cfm') { $(this).addclass('audioimg'); } }); </cfoutput> looking around online, looks syntax problem, don't seem see it... any tips? thanks if (hreflink.tolowercase() = '../audio.cfm') that attempts assign value, rather check equality. change = operator == .
Read more

java - Play! framework 2.0: How to display multiple image? -

i need display gallery of photos. here template: @(photos: list[photo]) @title = { <bold>gallery</bold> } @main(title,"photo"){ <ul class="thumbnails"> @for(photo <- photos) { <li class="span3"> <a href="#" class="thumbnail"> <img src="@photo.path" alt=""> </a> </li> } </ul> } and here controller method: public static result getphotos() { return ok(views.html.photo.gallery.render(photo.get())); } and here photo bean : @entity public class photo extends model { @id public long id; @required public string label; public string path; public photo(string path, string label) { this.path = path; this.label = label; } private static finder<long, photo> find = new finder<long, photo>( long.class, photo.class); public static list<phot...
Read more

gmail - Is there any documentation for read-only access to the Google Contacts API? -

i want read-only access user's google contacts. there stackoverflow member wanted this, , received following answer : yes, there is, use https://www.googleapis.com/auth/contacts.readonly scope , "view contacts". this exchange reference read-only access google contacts can find using google. simply using access token obtained attempt read usual google contacts api (i.e. https://www.google.com/m8/feeds ) fails insufficient permissions. similarly, using google contacts api on new target fails 404 errors (for example https://www.googleapis.com/auth/contacts.readonly/default/full ). is there documentation anywhere on how use api, or permissible way access google contacts api full read-write access?
Read more