Last post Feb 21, 2013 12:41 PM by Mauro_net
Feb 17, 2013 06:40 PM|Mauro_net|LINK
let's see it there's a simple answer to this. I-ve been using asmx services for a long time but now i move to WCF (did a couple things before nothing fancy) for good.
My scenario is a desktop app (wpf but might be something else tomorrow, android app maybe) to handle a local repository and a web server server to perform some syncing between users.
I am not sure how to SECURE my webservice calls and I was kinda used to rely on SESSION (asp.net type of sessions), so i can have for instance a syncing progress monitor. Using sessions was the easiest way i know to simulate some kind of state or conversation.
I also use them for authenticating once and then checking against session so see if the "requesting user" is authenticated.
My idea was to have a service over https and with session enabled. What should i do? Most of my logic is already developed so I now just have to choose the best way to secure it. Help!!!
btw - I've spent a LONG TIME on the internet learning about wsHttpBinding, BasicHttpBinading and stuff... still i havent yet developed a way of my own to take this decistion.
thanks in advance,
Feb 19, 2013 04:20 AM|Haixia Xie - MSFT|LINK
There are a number of possible client and service security configurations, I'd suggest you take a look at
Common Security Scenarios
document for common security scenarios.
If you want to secure the service over HTTPS, you can find a document below which demonstrate how to design a
service secured by HTTPS with custom username and password validator in IIS.
#WCF Service over HTTPS with custom username and password validator in IIS
Learn more on how to use sessions in WCF application, see #Using Sessions
Hope this helps.
Feb 19, 2013 03:50 PM|Mauro_net|LINK
Hey! Tahnsk for answering.
First of all, as an update , I've been working lately on implementing transport (ssl)+message (wshttpbind )security + custom username validator. I'm glad to see that you suggest the same thing. It's good to know i made the right choice.
SO - I decided NOT TO USE SESSIONS. It's hard to say this all friend good bye (at least in WCF), but I've already taken that desition. Now... how could I implement, in wsHttpBinding+SSL some sort of PROGRESS MONITOR for long running tasks?\
If you could answer quickly that would be awesome! What about using dictionaries of [username, progress] ?? could it work? Is there any special reason why static dictionaries wouldnt work in my environment? Maybe a concurrent dictionary? Will they last as
long as the server is up ? Is there an asp like worker process behind all this?
Feb 21, 2013 01:11 AM|Haixia Xie - MSFT|LINK
how could I implement, in wsHttpBinding+SSL some sort of PROGRESS MONITOR for long running tasks?
I do not understand what do you mean with this, can you explain more clearly?
But WCF sessions are very different from ASP.NET Sessions. WCF sessions are represented as service instances (as CLR objects) and the states are part of each service instance. ASP.NET sessions are like shared data storage across different requests. You can
find more information in below blog.
Feb 21, 2013 12:41 PM|Mauro_net|LINK
Simple: I call a method in my WCF (wsHtt + ssl). This Process takes 3 minutes to run. I want to give the user an updated feedback of the long-running operation. How can i do this with wshttpbinding + ssl?
So far as i know, wsHttpBinding + SSL DOES NOT SUPPORT any kind of session and service instances are per-request. I've tryed other methods with session but they do not support transport+message security!
I insist: wsHttpBinding + Message-level security + some way to persist status data among service calls