Configuring Security for Interface Web Service

The PSL Web Service is built on Microsoft Windows Communication Foundation (WCF). The following gives a detailed understanding of WCF security concepts and of the configurations available for securing the WCF Web Service.

Execute the following steps to configure the PSL Web Service to use Transport and Message Security:

  1. Locate the <system.serviceModel> section in the <ArgusInstallPath>\Integrations\web.config file.
    By default, the bindingConfiguration used by the Service Endpoint is wsHttpUnsecure.
  2. Security can be configured in the same bindingConfiguration, or a new configuration can be created. The steps in this section use a new binding configuration called wsHttpSecure.
    To do this, modify the endpoint configuration to use the new bindingConfiguration:
    <services>
      <service behaviorConfiguration="Relsys.InterfaceLibrary.RelsysServiceBehavior" name="Relsys.InterfaceLibrary.RelsysService">
        <endpoint address="" binding="wsHttpBinding" contract="Relsys.InterfaceComponents.IRelsysService" bindingConfiguration="wsHttpSecure"/>
      </service>
    </services>
  3. Create a new binding configuration under the hierarchy <bindings><wsHttpBinding>, as shown below:
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpSecure">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="Certificate"/>
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    The different values available for the clientCredentialType for transport and message elements can be found in the WCF documentation mentioned at the beginning of this section.
  4. Modify the Service Behavior configuration as follows:
    <behaviors>
      <serviceBehaviors>
        <behavior name="Relsys.InterfaceLibrary.RelsysServiceBehavior">
          <serviceCredentials>
            <!-- Under serviceCredentials, the client certificate reference goes in a child certificate element -->
            <clientCertificate>
              <certificate findValue="00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" x509FindType="FindByThumbprint"/>
            </clientCertificate>
            <!-- The service certificate takes findValue and x509FindType directly -->
            <serviceCertificate findValue="00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" x509FindType="FindByThumbprint"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    In the above configuration, set findValue and x509FindType to match the Server Certificate and the Client Certificate.
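The following check is an added example, not part of the product or its documentation: it audits a copy of web.config to confirm that every service endpoint resolves to a binding using TransportWithMessageCredential and that no FindByThumbprint value is still the all-zero placeholder. The `audit` function, the embedded sample and the `mode="None"` body of wsHttpUnsecure are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: endpoint still on the default wsHttpUnsecure binding (its
# mode="None" body is assumed) and the thumbprint still the all-zero placeholder.
SAMPLE = """<configuration><system.serviceModel>
 <services><service name="Relsys.InterfaceLibrary.RelsysService"
     behaviorConfiguration="Relsys.InterfaceLibrary.RelsysServiceBehavior">
  <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpUnsecure"
     contract="Relsys.InterfaceComponents.IRelsysService"/>
 </service></services>
 <bindings><wsHttpBinding>
  <binding name="wsHttpUnsecure"><security mode="None"/></binding>
  <binding name="wsHttpSecure"><security mode="TransportWithMessageCredential">
   <transport clientCredentialType="Certificate"/>
   <message clientCredentialType="Certificate"/></security></binding>
 </wsHttpBinding></bindings>
 <behaviors><serviceBehaviors>
  <behavior name="Relsys.InterfaceLibrary.RelsysServiceBehavior"><serviceCredentials>
   <serviceCertificate x509FindType="FindByThumbprint"
     findValue="00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"/>
  </serviceCredentials></behavior>
 </serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""

def audit(config_xml):
    """Return a list of findings for a web.config passed as a string."""
    sm = next(ET.fromstring(config_xml).iter("system.serviceModel"))
    findings = []
    for ep in sm.findall("services/service/endpoint"):
        kind, name = ep.get("binding"), ep.get("bindingConfiguration")
        match = [b for b in sm.findall(f"bindings/{kind}/binding") if b.get("name") == name]
        if not match:
            findings.append(f"endpoint: binding configuration {name!r} is not defined")
            continue
        sec = match[0].find("security")
        mode = (sec.get("mode") if sec is not None else None) or "(binding default)"
        if mode != "TransportWithMessageCredential":
            findings.append(f"endpoint: {name!r} uses security mode {mode}")
    for el in sm.iter():
        if el.get("x509FindType") == "FindByThumbprint":
            # A SHA-1 thumbprint is 40 hex digits once whitespace is removed.
            thumb = re.sub(r"\s", "", el.get("findValue", ""))
            if not re.fullmatch(r"[0-9A-Fa-f]{40}", thumb) or set(thumb) == {"0"}:
                findings.append(f"{el.tag}: thumbprint is missing, malformed or a placeholder")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The malformed-thumbprint finding also fires when a thumbprint pasted from the Windows certificate dialog carries an invisible leading character, which otherwise makes the certificate lookup fail at service start.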