Customize security for WCF-type Web services
Relevant for: API testing only
This section describes how to customize the security settings for Web services using WCF.
Create a WCF scenario
- Open the Security Settings dialog box in one of the following ways:
  - For port level security, right-click a service's port in the Toolbox pane and select Security Settings.
  - For step level security, open the Security Settings tab in the Properties pane. Clear the Use the port's security settings option.
- In the Security Settings dialog box, select the type of WCF Service from the Service Details dropdown list.
Web Service using WSHTTPBinding
- At the top of the Security Settings dialog box, in the dropdown list, select WCF Service (WSHttpBinding).
- In the Client authentication type dropdown list, choose a client credential type to use in your binding: Windows, Certificate, or Username. This value corresponds to the MessageClientCredentialType property of the WCF's WSHttpBinding parameter.
  Windows authentication is the most common value for WCF services. If you are using the WCF default settings for your service, use this option.
- Define the security settings for your authentication type. The available options differ per authentication type.
  Note: For some scenarios you should indicate whether to use the WCF proprietary negotiation mechanism to get the service credentials.
- Click Advanced to control the usage of a secure session.
Web Service using CustomBinding
- In the Security Settings dialog box, in the dropdown list, select the WCFService (Custom Binding) scenario.
- In the main pane of the Security Settings dialog box, set the Web service security options, including:
  - Transport type
  - Encoding
  - Authentication mode for the Web service
  - Net security type
  - The identities for the custom bindings and authentication certificate
  - The client user information for the "user" who would access the Web service
WCF Federation Web service
- In the Security Settings dialog box, in the dropdown list, select the WCFService Federation scenario.
- Provide the service and security transport details, including:
  - Transport type
  - Encoding
  - Authentication mode for the Web service
  - Bootstrap policy for the Web service
  - The identities for the custom bindings and authentication certificate
  - STS (Security Token Service) settings
  Note: You must define the communication properties for both the STS and the application server.
WCF service using netTcp or namedPipe transport
- In the Security Settings dialog box, from the dropdown list, select the WCFService (Custom Binding) scenario.
- Set the Transport option to TCP or NamedPipe.
- Set the other security settings as described in Web Service using CustomBinding.
Web service using WSE3 security configuration with a server certificate
- Create a new test and import a WSDL containing the WSE3 service.
- Add a method from the Web service to the canvas.
- In the Properties pane, select the Security Settings tab, or in the Toolbox pane right-click the Web service node and select Security Settings.
- In the Security Settings dialog box, from the dropdown list, select the WCFService (Custom Binding) scenario.
- In the main pane of the Security Settings dialog box, set the Transport option to HTTP, and the Encoding to Text.
- In the Identities section, enter a username and password.
- Click the Browse button adjacent to the Server Certificate field and specify the Store Location, Store Name and Search text (optional). Click Find, select the certificate, and click Select.
- Provide the Expected DNS.
- Click the Advanced button and configure the following settings in the Advanced Settings dialog box:
  - In the Encoding tab: Set the WS-Addressing version appropriately.
  - In the Security tab, set the following options:
    - Enable secure session: Enabled
    - Negotiate service credentials: Enabled
    - Protection level: Encrypt and Sign
    - Message protection order: Sign Before Encrypt
    - Message security version: WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005 (first entry)
    - Require Derived keys: Enabled
  For all other fields, use the default settings.
WCF service using mutual certificate authentication
The following procedure describes how to set up a security scenario for mutual certificates and how to comply with a WSE3 security configuration.
- In the Security Settings dialog box, from the dropdown list, select the WCFService (CustomBinding) scenario.
- Set the Transport option to HTTP, and the Encoding to Text.
- Set the authentication mode to MutualCertificate.
- In the Identities section, select the server and client certificates.
- Provide the Expected DNS.
- Click the Advanced button and configure the following settings in the Advanced Settings dialog box:
  - In the Encoding tab, set WS-Addressing to WSA 04/08 (for a WSE3 security configuration).
  - In the Security tab, set Require Derived keys to Disabled.
  For all other fields, use the default settings.
WCF scenario using binding with TCP transport to require an X.509 client certificate
The following procedure describes how to configure a WCF custom scenario to require an X.509 client certificate in nettcp.
- In the Security Settings dialog box, from the dropdown list, select the WCFService (Custom Binding) scenario.
- Set the Transport to TCP and the Net Security to SSL stream security.
- In the Properties pane, open the Events tab.
- In the events list, select the BeforeApplyProtocolSettings event. Click in the Handler column and select Create a default handler from the drop-down.
- In the TestUserCode.cs file, locate the TODO section of the code and add the following definitions.

    // The second handler argument is the WCF channel binding of the step.
    var wcf = (HP.ST.Ext.CommunicationChannels.Models.WcfChannelBinding)args[1];
    // Channels[1] is cast to the SSL stream security channel of that binding.
    var ssl = (HP.ST.Ext.CommunicationChannels.Models.WcfSslStreamSecurityChannel)wcf.Protocols.Channels[1];
    // Turn on the X.509 client certificate requirement.
    ssl.RequireClientCertificate = true;

For all other fields, use the default settings.
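
For comparison with the mutual certificate and TCP client certificate procedures above, the following added example (not part of the original documentation and not code from the product) shows service-side WCF configuration whose custom bindings correspond to those test settings. The binding and behavior names, the certificate subject service.example.test, the SOAP 1.1 and binary encoding choices, and the client certificate validation settings are assumptions.

```xml
<!-- Added example: service-side WCF configuration (web.config or app.config). -->
<!-- All names and the certificate subject below are constructed placeholders. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <customBinding>
        <!-- Counterpart of the mutual certificate scenario: HTTP transport, Text encoding -->
        <binding name="MutualCertHttp">
          <!-- Authentication mode: MutualCertificate; Require Derived keys: Disabled -->
          <security authenticationMode="MutualCertificate"
                    requireDerivedKeys="false" />
          <!-- WSA 04/08 is WS-Addressing August 2004; SOAP 1.1 is an assumption -->
          <textMessageEncoding messageVersion="Soap11WSAddressingAugust2004" />
          <httpTransport />
        </binding>
        <!-- Counterpart of the TCP scenario: Net Security set to SSL stream security -->
        <binding name="TcpClientCert">
          <!-- Binary encoding is an assumption; the page does not state it -->
          <binaryMessageEncoding />
          <!-- Same switch the test handler sets: ssl.RequireClientCertificate = true -->
          <sslStreamSecurity requireClientCertificate="true" />
          <tcpTransport />
        </binding>
      </customBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CertificateCredentials">
          <serviceCredentials>
            <!-- The Expected DNS entered in the test must match this certificate -->
            <serviceCertificate findValue="service.example.test"
                                x509FindType="FindBySubjectName"
                                storeLocation="LocalMachine"
                                storeName="My" />
            <clientCertificate>
              <!-- Assumed policy: accept only client certificates that chain to a
                   trusted root and have not been revoked -->
              <authentication certificateValidationMode="ChainTrust"
                              revocationMode="Online" />
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```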