Author Archives: erictummers

About erictummers

Working in a DevOps team is the best thing that happened to me. I like challenges and sharing the solutions with others. On my blog I’ll mostly post about my work, but expect an occasional home project, productivity tip and tooling review.

Hacking Silverlight part 3

This post should be called Hacking WCF as I will show some configuration hacks in WCF. Read part 2 here where I discussed the clientaccesspolicy.xml and crossdomain.xml files. The Csla WcfPortal I discovered in part 1 (here) is my next … Continue reading

Posted in Security

Hacking Silverlight part 2

My trip down hackers lane continues. Read part 1 here where I discovered the Csla WcfPortal is used. Before starting my “attack” I do some recon. Silverlight has a built-in security step that requests the clientaccesspolicy.xml file before allowing a … Continue reading

Posted in Security | 2 Comments

Basic authentication in selfhosted mono service

I want to secure my selfhosted service on mono with basic authentication. This works with an Authorization header in the HTTP request and can be set up with configuration for the binding. The setting BasicHttpSecurityMode.TransportCredentialOnly only encrypts the header and no … Continue reading

Posted in Development | 6 Comments

Hacking Silverlight

Someone asked me to hack his Silverlight portal. The goal was to test the security and to give some recommendations for future projects. This is part one of my trip down hackers lane. As a Microsoft developer I know Silverlight … Continue reading

Posted in Security | 2 Comments

Fileless activation without svc extension (sort of)

Hosting WCF services in Windows Azure is easy: create a service contract and implementation, then add serviceactivation to the web.config of the Role you’re hosting the service in. The serviceactivation needs a registered extension (svc) to be activated. When you want to do … Continue reading

Posted in Development