Creating .NET web service with client certificate authentication -


i want limit access .net web service specific list of clients. attach client certificate every request , proper response if "on list".

but how , best way implement this?

on iis (7.0) can set require client certificate option, specify client certificates allow access? need public part of client certificates in certificate store of web server machine?

or must setup handled in code, somehow extract client certificate id , match local list?

or way?

one way create wcf service on iis7 security requirements follows.

in order host wcf service may need run following command on web server:

"%windir%\microsoft.net\framework\v3.0\windows communication foundation\servicemodelreg.exe" -r –y

on iis set site https binding (only) , under ssl settings set require ssl , require client certificates.

this alone allow access service (and wsdl) client certificate valid , issuer trusted web server.

in order restrict access specific certificates setup wcf configuration file bindingconfiguration as:

<basichttpbinding>   <binding name="mybasichttpbinding">     <security mode="transport">       <transport clientcredentialtype="certificate" />     </security>   </binding> </basichttpbinding>

and behaviorconfiguration custom certificate validator as:

<behaviors>   <servicebehaviors>     <behavior name="myservicebehavior">       <servicemetadata httpgetenabled="false" httpsgetenabled="true" />       <servicedebug includeexceptiondetailinfaults="false" />       <servicecredentials>         <clientcertificate>           <authentication certificatevalidationmode="custom"             customcertificatevalidatortype="<project-namespace>.clientcertificatevalidator, <project-namespace>"/>         </clientcertificate>       </servicecredentials>     </behavior>   </servicebehaviors> </behaviors>

and lastly implement custom validator in new class in project as:

public class clientcertificatevalidator : x509certificatevalidator {     public override void validate(x509certificate2 certificate)     {       if (certificate.thumbprint != <allowed-thumbprint>)         throw new exception();     } }

Comments

Post a Comment

Popular posts from this blog

c# - SharpSVN - How to get the previous revision? -

i trying find efficient way previous revision of file text comparison using sharpsvn. using (svnclient c = new svnclient()) { c.authentication.defaultcredentials = new networkcredential( configurationmanager.appsettings.get("svnserviceusername") , configurationmanager.appsettings.get("svnservicepassword") , configurationmanager.appsettings.get("svnservicedomain") ); c.authentication.sslservertrusthandlers += new eventhandler<svnsslservertrusteventargs>(authentication_sslservertrusthandlers); collection<svnfileversioneventargs> fileversioncollection = new collection<svnfileversioneventargs>(); svnrevisionrange range = new svnrevisionrange(0, this.hooks.revision); svnfileversionsargs args = new svnfileversionsargs(); args.retrieveproperties = true; args.range = range; foreach (svnchangeitem item in log.changedpaths) { string path = this.repositorypath + it...
Read more

c++ - Is it possible to compile a VST on linux? -

for class project i'm attempting write vst plugin backed cuda. current cuda workflow on linux box, i'd prefer compile , link there. according wikipedia , should possible (i couldn't find steinberg documentation relevant linux) can't find makefile or instructions on how build if aren't using xcode or visual studio. i'm vst 3 sdk doesn't support linux. when try compile plugin under linux, error: ./base/source/fatomic.cpp:39:30: fatal error: libkern/osatomic.h: no such file or directory this issue caused following code in "vst3 sdk/base/source/fatomic.cpp" #if mac #include <libkern/osatomic.h> #if mac_os_x_version_min_required > mac_os_x_version_10_4 #define native_atomic_type (volatile int32_t*) #else #define native_atomic_type (int32_t*) #endif #elif windows #include <windows.h> #endif but hope compiling under linux work vst sdk 2.4. reading. jvstwrapper seems run on lin...
Read more

url - Querystring manipulation of email Address in PHP -

i using third party application (email2http) send me emailid, body , message. unable retrieve email id due name appended on , enclosed < , >. here querystring getting. test.php?from=ajay+reddy &subject=cx&body=somebody when print variable in php returns name , not email id. $from = $_get['from']; echo $from; //output ajay reddy please suggest me how can emailid also. i dont want use post method due testing , debugging. it's working fine. forgot use htmlentities() in debugging.
Read more