WCF message headers with OperationContext and with MessageInspector and Custom Service Behavior

In this post we will view some possible options for adding message headers to the messages send from the client to service.

Our scenario:

We have a WCF service provided as a Software as a Service (SaaS). People who have an active subscription with our company, are able to invoke methods on our service and retrieve information. To successfully invoke methods and retrieve information the client invoking the method must add a message header named “SubscriptionID which contains the subscriptionid of that customer. If the subscriptionid does not match a valid and active subscriptionid, access to the operations are denied.

1. Setup and configuration of the Service

Our solution setup looks as following:
Solution overview

The “WCF.MessageHeaders.Client” is a Console Application used to mimic a client
The “WCF.MessageHeaders.Service” is a WCF Service Application, holding our SaasService

Continue reading


WCF message security and client certificate authentication with self-signed certificates

For setting up the WCF message security with client certificate authentication, we will start from what we build at the previous post

WCF Transport Security and client certificate authentication with self-signed certificates

I suggest you read the previous post if you have not, as it handles some things about self-signed certificates, certificate mmc and IIS configuration. I will not repeat those things in this post. If you need them, you can read through the post mentioned above.

This was the solution overview we created in the previous post:

Solution overview

We will continue from what we created there, and make some very small changes to move from Transport Security to Message Security.
In the previous post where we set up Transport Security, we used basicHttpBinding. For this example I will move from basicHttpBinding to wsHttpBinding.
The reason for this decision you can see at section 3. NegiotiateServiceCredential

Having stated the above, let’s make the necessary changes to our solution of the Transport Security WCF Service.

Continue reading

WCF transport security and client certificate authentication with self-signed certificates

I have only recently got into contact with Windows Communication Foundation (WCF). As a newbie, one of the things I struggled with at first was securing a WCF service with self-signed certificates. Never having used certificates and not knowing how it actually works, it was challenging task to say the least. Looking back now it makes me feel a little silly …

For this post we will use a common business-2-business scenario. We will create a transport-secured (HTTPS) WCF service with certificate client-credential authentication.

1. Create the solution setup:

For this scenario, we will build a solution called “WCF.Tutorial.TransportSecurity”

Solution overview

There are 2 projects in this solution: (both are default template projects)

  1. WCF Service Application called “WCF.Tutorial.TransportSecurity.Service” 
  2. Client console application called “WCF.Tutorial.TransportSecurity.Client”

Windows Azure inner-role communication on internal endpoint with a WCF service hosted outside of RoleEntrypoint

At some point, you might experience some issues if you try to consume a service that is hosted on another role instance that is not being hosted in the default workerrole process.

We host a WCF Service in a windows service that is being installed on the azure role instance by a startup Task. This means the WCF service is not being hosted inside of the workerrole, which derives from the RoleEntryPoint.
We want to consume this service from another role instance.

For the first role instance where we host the WCF service in a windows service, we need to define an internal endpoint, which we will use for the WCF service to listen on.

This endpoint is only used for communication between both the role instances, thus making it an internal endpoint.


The required binaries of the windows service get copied to the windows azure instance by

Windows Azure Contents copy

We also have a startup task defined, which triggers the install of the windows service on the azure instance.  This startup task startup.cmd has been copied to the azure instance at the approot/definedfolder/ by the contents copy, together with the necessary windows service binaries.

Windows Azure startup task

Continue reading