WSHttpBinding with authentication by certificate only???

  • Question

  • I need to protect a REST service that works over https. Previously we used HttpClientCredentialType.Ntlm credentials. I changed the binding to the following:

                var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential, true)
                {
                    ReaderQuotas = _readerQuotas,
                    MaxReceivedMessageSize = 2147483647,
                    OpenTimeout = TimeSpan.MaxValue,
                    CloseTimeout = TimeSpan.MaxValue,
                    SendTimeout = TimeSpan.MaxValue,
                    ReceiveTimeout = TimeSpan.MaxValue
                };
    
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
                binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

    Then I set some self-signed certificate before opening the host:

                    host.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
                        StoreName.AuthRoot, X509FindType.FindByIssuerName, "...");
    
                    host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                        StoreName.AuthRoot, X509FindType.FindByIssuerName, "...");

    What surprised me though was that I was able to log in using the old client configured using username/password credentials. How is this possible? The whole point of using certificate authentication is to disable all unwanted login attempts to minimize the risk of a password attack. Any idea how I can make sure that my service allows certificate authentication only?

    Thursday, October 8, 2020 1:17 AM
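
Added example, not part of the original post or of any reply: one check for the situation described above is to list the client credential each endpoint binding on the host actually enforces and refuse to open the host if any of them is not certificate-based. It assumes C# 7, references to System.ServiceModel and System.ServiceModel.Web, and a host that may carry more endpoints than the one shown; `CredentialAudit` and its method names are hypothetical, and the bindings in `Main` are constructed samples.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;

static class CredentialAudit
{
    // Returns the client credential the binding really enforces for its security mode.
    public static string EffectiveClientCredential(Binding binding)
    {
        if (binding is WSHttpBinding ws)
        {
            switch (ws.Security.Mode)
            {
                case SecurityMode.None: return "none";
                case SecurityMode.Transport: return "transport:" + ws.Security.Transport.ClientCredentialType;
                // Message and TransportWithMessageCredential authenticate the client inside the SOAP message.
                default: return "message:" + ws.Security.Message.ClientCredentialType;
            }
        }
        if (binding is WebHttpBinding web)
        {
            return web.Security.Mode == WebHttpSecurityMode.None
                ? "none"
                : "transport:" + web.Security.Transport.ClientCredentialType;
        }
        // Fail closed for binding types this sketch does not understand.
        return "unknown (" + binding.GetType().Name + ")";
    }

    public static bool IsCertificateOnly(Binding binding)
    {
        string c = EffectiveClientCredential(binding);
        return c == "transport:Certificate" || c == "message:Certificate";
    }

    // Call once all endpoints are added and before host.Open().
    public static void RequireCertificateOnly(ServiceHostBase host)
    {
        foreach (var ep in host.Description.Endpoints)
            if (!IsCertificateOnly(ep.Binding))
                throw new InvalidOperationException(
                    "Endpoint '" + ep.Name + "' accepts " + EffectiveClientCredential(ep.Binding));
    }

    static void Main()
    {
        // Constructed samples: a binding like the one in the question, and an NTLM REST binding.
        var ws = new WSHttpBinding(SecurityMode.TransportWithMessageCredential, true);
        ws.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        var ntlm = new WebHttpBinding(WebHttpSecurityMode.Transport);
        ntlm.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
        Console.WriteLine(EffectiveClientCredential(ws) + " " + IsCertificateOnly(ws));
        Console.WriteLine(EffectiveClientCredential(ntlm) + " " + IsCertificateOnly(ntlm));
    }
}
```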

All replies

  • Hi Aleksey Malyshev,

    Thank you for posting here.

    In order to help you find the correct forum to go ask questions, I have moved the thread to 'Where is the forum for' forum.

    Thank you for your understanding.

    Best Regards,

    Xingyu Zhao

     

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, October 8, 2020 3:09 AM
  • Thursday, October 8, 2020 5:53 AM
  • I am sorry, I do not understand. I asked the question in ".NET Framework Class Libraries" forum. Why is it wrong to ask a question there? I am asking how to use class libraries. What's wrong with that?
    Thursday, October 8, 2020 12:45 PM
  • I don't know why they moved you to Where-Is-Forum. Maybe they don't think that they can help you.

    You could possibly ask in the following forum about .net framework class library:

    https://docs.microsoft.com/en-us/answers/topics/windows-uwp-runtime.html

    https://docs.microsoft.com/en-us/answers/topics/windows-forms.html

    Regards, Guido

    Friday, October 9, 2020 6:16 AM