Monthly Archives: November 2007

I wrote here that WCF 3.5 now supports usernames over transport security. This does not work for IIS hosted services though. The problem is this: When you set the clientCredentialType on the binding to Basic, you also have to enable Basic … Continue reading →

An often wanted feature for the WCF ServiceAuthorizationManager in 3.0 was to get easy access to the incoming message. This is now possible in 3.5 – there is a new overload for CheckAccess which passes in the Message object as … Continue reading →

This post may be interesting for you because you eiter want to control who has access to a service’s metadata retrieving metadata suddenly stops working when adding a ServiceAuthorizationManager to your service Metadata retrieval requests pass just like normal requests … Continue reading →

This question came up in a recent consulting gig – so I thought I summarize the options and provide some links. WCF Metadata Architecture Overview   Base Address The easiest way to expose metadata is to provide a base address … Continue reading →

Vittorio has a sneak peek of the upcoming identity framework up on his blog. Like many others I wrote my own STS (or tried to) – and I am happy that in the future this tedious work will be the job of … Continue reading →

When you return false from the ServiceAuthorizationManager‘s CheckAccessCore method, WCF sends a special fault message back to the client. The logic looks more or less like this: private Exception CreateAccessDeniedFault() { FaultCode code = FaultCode.CreateSenderFaultCode( “FailedAuthentication”, “http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”); FaultReasonText faultText = new … Continue reading →