Qpid / QPID-2500

Transport security for the WCF channel

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.7
    • Fix Version/s: 0.7
    • Component/s: WCF/C++ Client
    • Labels:
      None
    • Environment:

      Windows

      Description

      SSL and SASL PLAIN capabilities have been recently ported to the C++ client on Windows. The WCF client can now be enhanced to use these features and to provide the expected transport level security classes and binding parameters for specifying encryption and authentication on the transport channel.

        Activity

        Steve Huston added a comment -

        Applied patches as attached and also added WcfPerfTest project to QpidWcf.sln. Trunk r938677.

        Cliff Jansen added a comment -

        Currently you have to manually update the references to Apache.Qpid.Channel.dll and Apache.Qpid.Interop.dll when building.

        The usual rules about having the qpidclient.dll, qpidcommon.dll and the boost dlls in the right place or in your PATH apply at runtime.

        Since WcfPerftest also launches the native perftest.exe, it needs to be in the path or with the other dlls too.

        Steve Huston added a comment -

        How do you usually build WcfPerfTest, Cliff? It's not referenced from QpidWcf.sln.

        Steve Huston added a comment -

        Ok, great - thanks, Cliff.

        Cliff Jansen added a comment -

        At a minimum the AmqpCredentialType enumeration will grow and there
        will be new signatures on the AmqpCredential.

        If other changes are required, for consistency, the
        AmqpTransportSecurity structure and its support classes should try to
        look like existing WCF bindings that support these or similar
        mechanisms. The existing design follows that principle.

        As an analogy take a look at HttpTransportSecurity and
        HttpClientCredentialType for an existing Microsoft binding that
        handles a wide range of authentication and security options.

        The base WCF ClientCredentials class can already handle most simple
        certificate and username/password cases and is meant to be extended to
        handle special cases and arbitrary security tokens. It's flexible,
        but not necessarily easy to handle arbitrary proxy and firewall
        situations. Users may prefer to use an AmqpCredential in many cases.
        The AmqpCredential provides a mechanism to separate broker credentials
        from WCF service endpoint credentials and also provides the building
        blocks for more complex bindings in the future (e.g. failover between
        multiple brokers).

        Steve Huston added a comment -

        Thanks, Cliff.
        Question on the strategy of adding arguments for ssl, saslPlain... what's the plan for handling further additions to authentication mechanisms? For example, Kerberos or Windows login keys? Would this require more signatures with the needed arguments?

        Cliff Jansen added a comment -

        Update WcfPerftest to use SSL and SASL plain

        Cliff Jansen added a comment -

        This patch updates the DTC plugin module to be able to parse data source names for SSL and SASL PLAIN info in the context of an XA resource manager.

        Cliff Jansen added a comment -

        This patch provides the base functionality and security classes that are expected for specifying authentication and encryption on WCF transports.


          People

          • Assignee:
            Steve Huston
            Reporter:
            Cliff Jansen
          • Votes:
            0
            Watchers:
            0
