December 10, 2007 / kiranpatils

Web Service Software Factory Quickstart, or Security with Web Service Software Factory Using Direct Authentication

Target Audience:

If you want to build a demo application with the Web Service Software Factory and also want to see the security features of WCF, then this is for you… so good to go… if not, then go…


Web Service Software Factory–July 2006

Visual Studio 2005

get it from here:

You can use the WCF Security Guidance Package to configure and test security settings used by Windows Communication Foundation (WCF) services. The guidance package contains recipes that are used to configure authentication protocols. In addition, a recipe is also included that can be used to validate the configuration and perform code analysis using FxCop. The authentication recipes represent an automated process that makes it very easy to configure security.

You can also use the Service Configuration Editor included in the Microsoft Windows Software Development Kit (SDK) for .NET Framework 3.0 to manually configure WCF security settings. The guidance package is easier to use than the service configuration editor, but there may be cases when you have to modify security settings on a computer that does not have the guidance package installed. As a result, this topic discusses both automated configuration using the guidance package and manual configuration using the configuration editor.

Employee Service

1. Create a project via File -> New -> Project.



It will generate the solution structure as shown above.

How to: Implement EmployeeService


To create your data contract using the Create Data Contract recipe


This will bring up the recipe wizard


Click Next


The Finish button is enabled only once the table has been validated.

It will generate the following file:

using System;
using System.Collections.Generic;
using System.Runtime.Serialization;

namespace EmpService.DataContracts
{
    /// <summary>
    /// Data Contract Class - Employee
    /// </summary>
    [DataContract(Namespace = "http://EmpService.DataContracts/2007/12", Name = "Employee")]
    public partial class Employee
    {
        private System.Int32 EmployeeIDField;

        [DataMember(IsRequired = true, Name = "EmployeeID", Order = 0)]
        public System.Int32 EmployeeID
        {
            get { return EmployeeIDField; }
            set { EmployeeIDField = value; }
        }

        private System.String FirstNameField;

        [DataMember(IsRequired = false, Name = "FirstName", Order = 1)]
        public System.String FirstName
        {
            get { return FirstNameField; }
            set { FirstNameField = value; }
        }

        private System.String LastNameField;

        [DataMember(IsRequired = true, Name = "LastName", Order = 2)]
        public System.String LastName
        {
            get { return LastNameField; }
            set { LastNameField = value; }
        }

        private System.String NoteField;

        [DataMember(IsRequired = false, Name = "Note", Order = 3)]
        public System.String Note
        {
            get { return NoteField; }
            set { NoteField = value; }
        }
    }
}





To create your service contract using the Create Service Contract recipe


This will show up a Service Contract Recipe



Service Contract Example [Fill in the values in the table above as shown in the table below. If a value is not in the table below, you can leave it as it is.]









For this example, you do not generate the service contract implementation.

Just Build the Solution.



To implement the service contract



It will generate the following code:

public EmpService.DataContracts.Employee FindEmployeeByLastName(string request)
{
    EmpService.DataContracts.Employee emp = new EmpService.DataContracts.Employee();

    // The principal for the caller of the current request.
    System.Security.Principal.IPrincipal principal = System.Threading.Thread.CurrentPrincipal;

    emp.EmployeeID = (request.Length > 0) ? request[0].GetHashCode() : 0;
    emp.FirstName = principal.Identity.Name;
    emp.LastName = request;
    emp.Note = "AuthType = " + principal.Identity.AuthenticationType;

    return emp;
}


This is test code that returns the Employee data contract with the FirstName property equal to the current authenticated user name, the LastName property equal to the request, and the Note property initialized with the authentication type used by the WCF service.

How to: Expose and Test the Service

Services are exposed and tested through the provided sample host. This host is a file system–based Web application that uses the built-in Web server included in ASP.NET 2.0 for developing and testing purposes. To enable the host, use the Expose Service recipe.



To test the host

1. In Solution Explorer, right-click EmployeeManager.svc (it was added in the previous step), point to Service Factory (WCF), and then click View in Browser or Debug Host. This opens a browser window.

2. In the browser window that opens, you can examine the WSDL and learn how to use Svcutil.exe to generate client code used to access the service. Svcutil.exe is a service model metadata utility tool included in the Microsoft Windows Software Development Kit (SDK) for .NET Framework 3.0.


How to: Implement the Test Client

Services are tested through the provided sample client application. The client application included with the WCF Service template is a Windows Forms application that includes a grid to view the results.



Copy this URL




To test the service clientTabClick


Press Enter and then Tab; it will generate the code shown below:

//TODO: Call proxy method

using( proxy = new ())


[] dts = proxy.FindBy(this.SearchText.Text);

ResultsGrid grid = new ResultsGrid(dts);



Now fill it like this:

private void ExecuteButton_Click(object sender, EventArgs e)
{
    //TODO: Call proxy method
    using (EmployeeManager.EmployeeManagerClient proxy = new EmployeeManager.EmployeeManagerClient())
    {
        EmployeeManager.Employee dts = proxy.FindEmployeeByLastName(this.SearchText.Text);

        ResultsGrid grid = new ResultsGrid(dts);
    }
}


This implies that you have implemented a FindEmployeeByLastName method in the EmployeeManager class. This is your business logic.



It looks good… so much work gives you such a nice result… doesn’t it?


To use the security package, you have to enable it using the Guidance Package Manager. After it is enabled, you have to modify security settings for the solution before you use any of the other security recipes. For information about how to enable the security package and configure the solution, see the following subtopics:

How to: Enable the WCF Security Guidance Package


Click Enable / Disable Packages.


Select Web Service software factory security->OK->Close.


In short, the steps are:

To enable the WCF Security Guidance Package

1. On the Tools menu, click Guidance Package Manager.

2. Click Enable / Disable Packages.

3. Select the Web Service Software Factory – Security (WCF) check box.

4. Click OK.

5. Click Close

How to: Modify Your Security Settings


Using the Modify Security Settings recipe, you can constrain the security settings for the solution. It is intended to be used by an architect or lead developer who wants to pre-configure security settings for services within the solution.

To modify your security settings

1. In Solution Explorer, right-click the solution, point to Service Factory (WCF Security), and then click Modify security settings.



2. On the Security Settings page, you can set the security settings that are available for the solution. The following options are available:

· Kerberos

· X.509 Certificates

· Direct Authentication (using UsernameToken) with Windows accounts

· Direct Authentication (using UsernameToken) with ADAM provider

· Direct Authentication (using UsernameToken) with SQL Server provider

· Anonymous



3. On the Message Protection Settings page, you can set the protection levels that are available for the solution. The following options are available:

· None

· Sign

· Sign and Encrypt (XML signatures are also encrypted)



This saves the settings in the solution, so from now on, whenever you click on Security Settings, it will show you the settings you have modified.


The following is optional [I have also copied and pasted from MSDN :-)]


How to: Use the Service Configuration Editor

The Microsoft Windows Software Development Kit (SDK) for .NET Framework 3.0 provides a tool named Service Configuration Editor that can be used to create and modify security settings in a configuration file. There are several options that can be used to open a configuration file using the configuration editor; this topic describes two options. The first option is to launch the editor and open the configuration file using editor menus. The second option is to add the service configuration file to the list of programs that can be used in the Open With dialog box in Visual Studio.

To launch the configuration editor and open a file

1. On the Start menu, point to All Programs, point to Microsoft Windows SDK, point to Tools, and then click Service Configuration Editor.

2. On the File menu of the configuration editor, point to Open, and then click Config file.

3. In the Open dialog box, navigate to the configuration file you want to open, select the file, and then click Open.

Alternatively, you can create a new configuration file using the configuration editor. To do this, click New Config on the File menu.

To open a file and add the Service Configuration Editor to the Visual Studio Open With dialog box

1. In the Visual Studio Solution Explorer, select the configuration file you want to open.

2. Right-click the configuration file, and then click Open With.

3. Click Add, and then type the following in the Program Name box: C:\Program Files\Microsoft SDKs\Windows\v6.0\Bin\SvcConfigEditor.exe. In the Friendly Name box, type Service Configuration Editor, and then click OK.

4. In the Open With dialog box, click Service Configuration Editor (it was added in step 3), and then click OK.

Figure 1 illustrates the Service Configuration Editor with an open Web.config file.


Service Configuration Editor

In the Service Configuration Editor, the tree view in the left pane is used to navigate through different elements in the configuration file. Many of the folders shown in the tree view represent XML elements under the <system.serviceModel> element in a configuration file. The main pane on the right is used to configure different attributes for the element selected in the left pane. Examining all the different configuration settings is beyond the scope of this discussion; however, this subtopic reviews settings that are used to control security.


Many folders in the service configuration tree view represent XML elements in a configuration file. The main pane in the Service Configuration Editor is used to set attributes of the element that is selected in the tree view.

As shown in Figure 1, there are five top-level folders: Services, Client, Bindings, Diagnostics, and Advanced.

The Services folder represents the services configuration element, which contains one or more service configurations. Under each service element is an endpoints element that contains one or more endpoint configurations. An endpoint for a service identifies the contract that defines the service interface. With the example illustrated in Figure 1, the service contract is defined as EmployeeService.ServiceContracts.IEmployeeManager.

Each endpoint element must contain binding information that indicates how a client application connects to the service. The endpoint can also identify a behavior that can be used to extend the default behavior of a WCF service.

The Client folder represents a client configuration element. The client element contains an endpoint element used to define the address of the WCF service accessed by the client application. Similar to the service endpoint, the client endpoint also contains binding and behavior information.

The Bindings folder represents the bindings configuration element, which contains one or more binding configurations. Bindings specify communication details used to connect to a WCF endpoint, such as transport protocols, security requirements, and encoding requirements. Security requirements for a binding include authentication protocols with related encryption and signing requirements.

The Diagnostics folder represents a diagnostics element that contains different configuration elements used to enable actions such as tracing and message logging.

The Advanced folder does not represent a configuration element; however, some child folders, such as Endpoint Behaviors and Service Behaviors, represent elements in the configuration file. Endpoint Behaviors represents an element named endpointBehaviors that can contain one or more behavior configurations that can be used by an endpoint. The Service Behaviors folder represents an element named serviceBehaviors that contains one or more behavior elements that can be used by a service. Several behaviors are included in the .NET Framework 3.0 runtime that can be used to perform operations such as authorization.

The following is a summary of elements that control security:

  • A service element contains information used to specify how client applications connect to and interact with the service. For example:
      • Endpoints in a service identify a service contract and binding type.
      • Service behaviors can be used to perform authorization and supply credentials for a service.
  • A binding element specifies transport protocols, security requirements, and encoding requirements used to connect to a service.

When using X.509 certificates, direct authentication, or anonymous authentication, you have to install X.509 certificates in a certificate store located on your server or client workstation. For information about how to request and install these certificates, see the following subtopic:

How to: Install X.509 Certificates in the Local Certificate Store

There are two types of certificates you will need to install and use when configuring and testing WCF security using the Web Service Software Factory – Security (WCF) guidance package. The first one is a computer certificate that will be installed in the Local Computer certificate store. The second one is a client certificate that will be installed in the Current User certificate store. These tasks will be accomplished using a Microsoft Management Console (MMC) snap-in, which is described in How to: Use the X.509 Certificate Management Tools of Web Service Security: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0.

To initialize the MMC snap-in for certificates


It will save the file:


In short, the steps are:

To initialize the MMC snap-in for certificates

1. On the taskbar, click Start, and then click Run.

2. In the Run box, type mmc, and then click OK.

3. On the File menu, click Add/Remove Snap-in, and then click Add.

4. Under Snap-in, double-click Certificates.

5. Click My user account, and then click Finish.

This allows you to manage certificates for the current user. Certificates – Current User appears on the list of selected snap-ins.

6. Under Snap-in, double-click Certificates.

7. Click Computer account, click Next, click Local Computer, and then click Finish.

This allows you to manage local computer certificates.

8. Click Close, and then click OK.

9. To save the console, click Save on the File menu.

10. In the File name box, type Certificates.msc, and then click Save.

This will add a new menu item named Certificates.msc to the Administrator menu. The Certificates.msc menu item can be used to open the certificates snap-in.

After the certificates snap-in has been initialized, the next step is to request a computer certificate that will be used for the WCF services you are configuring.

To obtain an X.509 computer certificate

1. Open the Certificates.msc Microsoft Management Console (MMC) snap-in.

2. Expand Certificates (Local Computer), expand Personal, and then select Certificates.

3. Right-click Certificates, point to All Tasks, and then click Request New Certificate.

4. Create a computer certificate by following the wizard steps:

a. Click Next.

b. In the Certificate types list, click Computer, and then click Next.

c. In the Friendly name box, type a name.

d. (Optional) In the Description box, type a description.

e. Click Next.

f. Click Finish.

How to: Secure Your WCF Service Using Direct Authentication

Direct authentication is a process where a user’s ID and proof-of-possession are used by a service to authenticate the user. Proof-of-possession could be a password or smart card. The combination of user ID and proof-of-possession represent a user’s credentials. The credentials are sent as part of the message to a service, which validates the credentials and sends a response.


As illustrated in Figure 1, the following steps describe the direct authentication process:

1. The client sends a request to the Web service. Credentials are attached to the request message.

2. The Web service validates the credentials against an identity store and makes authorization decisions about the client.

3. (Optional) The Web service returns a response to the client.

In Chapter 1 of Web Service Security: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0, the architecture pattern section named “Direct Authentication” describes the following forces that would justify using direct authentication:

· The credentials that the client presents to the Web service are based on shared secrets such as passwords. Frequently, authentication of individual users is performed with passwords. Computers and applications often use higher quality secrets that are more secure than passwords. The client and the Web service must securely exchange the shared secrets before interaction is possible. The exchange of shared secrets must occur through an out-of-band mechanism.

· The Web service can validate credentials from the client against an identity store. The Web service must have direct access to the identity store, including appropriate permissions for accessing identity information.

· The Web service is relatively simple, and does not require support for capabilities such as single sign-on or support for non-repudiation. In these circumstances, an effective, low cost solution that does not use an authentication broker may be possible.

· The client and the Web service trust one another to manage credentials securely. In this situation, both parties should consider the credentials as equal in value to the information and services they protect. If either the Web service or the client manages the credentials in an insecure manner, neither party can be sure that the mishandled credentials prove the identity of the user or application.

The WCF Security guidance package contains three recipes for direct authentication that support different identity stores:

· ADAM. Active Directory Application Mode (ADAM) is a lightweight directory service that is accessed using the Lightweight Directory Access Protocol (LDAP).
· SQL Server. User credentials are stored in a database and accessed using membership and role provider classes that are available in the .NET Framework.
· Windows accounts. Credentials are used to authenticate users stored in Active Directory.

To secure your WCF service using direct authentication:

1. In Solution Explorer, right-click the Web service Host project, point to Service Factory (WCF Security), and then click Secure a Service Using Direct Authentication with [Provider].


2. Specify your service properties, including service name, endpoint, binding name, and behavior name.



3. Select the X.509 certificate you want to use from a certificate store. The X.509 certificate in this step is used to provide data origin authentication.


4. Select your message protection requirements. The configuration options for message protection requirements and algorithm suite depend on the options that you specified in How to: Modify Your Security Settings. In addition, the enable signature confirmation, establish secure conversation, or negotiate service credential configuration settings may be available, depending on the type of direct authentication being configured.


5. Configure the identity provider.


That’s done.
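
As an added illustration (not part of the original post and not output copied from the guidance package), the fragment below sketches the kind of <system.serviceModel> section that the five steps above configure for Direct Authentication with Windows accounts. The service type name, the binding and behavior names, and the certificate subject are assumptions or placeholders.

```xml
<!-- Constructed example for a service host Web.config; names marked as
     assumptions are illustrative, not values from the original post. -->
<system.serviceModel>
  <services>
    <!-- Step 2: service name, endpoint, binding name and behavior name.
         The service type name and the two configuration names are assumptions. -->
    <service name="EmpService.ServiceImplementation.EmployeeManager"
             behaviorConfiguration="DirectAuthBehavior">
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="DirectAuthBinding"
                contract="EmployeeService.ServiceContracts.IEmployeeManager" />
    </service>
  </services>

  <bindings>
    <wsHttpBinding>
      <binding name="DirectAuthBinding">
        <!-- Message-level security: the UsernameToken travels inside the SOAP
             message and is protected with the service's X.509 certificate. -->
        <security mode="Message">
          <!-- Step 4: algorithm suite, secure conversation and
               service-credential negotiation. -->
          <message clientCredentialType="UserName"
                   algorithmSuite="Default"
                   establishSecurityContext="true"
                   negotiateServiceCredential="true" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>

  <behaviors>
    <serviceBehaviors>
      <behavior name="DirectAuthBehavior">
        <serviceCredentials>
          <!-- Step 3: the computer certificate installed under
               Certificates (Local Computer) / Personal.
               The subject below is a placeholder. -->
          <serviceCertificate findValue="CN=PLACEHOLDER-SERVICE-CERT"
                              storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectDistinguishedName" />
          <!-- Step 5: identity provider. "Windows" validates the user name and
               password against Windows accounts; the SQL Server and ADAM
               variants use "MembershipProvider" together with a
               membershipProviderName attribute instead. -->
          <userNameAuthentication userNamePasswordValidationMode="Windows" />
        </serviceCredentials>
        <!-- Authorization checks use the Windows groups of the
             authenticated account. -->
        <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```

With a binding like this, the test client has to set proxy.ClientCredentials.UserName.UserName and proxy.ClientCredentials.UserName.Password before calling FindEmployeeByLastName. The Note field returned by the test implementation then shows the authentication type the service used for that caller.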

I can understand that after doing such a long exercise you will feel like going home… or if not, then keep reading, I will make you…


Source code is Here: Click on Me
































Leave a Comment
  1. How to Get Six Pack Fast / Apr 15 2009 2:57 pm

    If you want to hear a reader’s feedback🙂 , I rate this post for 4/5. Decent info, but I have to go to that damn google to find the missed pieces. Thank you, anyway!

  2. Kenneth Clark / Nov 24 2009 7:41 pm

    I can’t understand why everything has to be generated. I mean sure it saves time but the difficulties it brings with it are just insane!

    • kiranpatils / Dec 20 2009 1:36 pm

      Agreed Kenneth!

