Just another site

Tag Archives: .net

Fixing the POODLE issue in Java client (HTTPSUrlConnection/Webservices etc.) , securing embedded jetty , fixing a .NET client stack (WCF etc.) and securing IIS7/8

– If your app is going to make HTTPS calls (act like a client) or for all Java apps using HTTPSUrlConnection set the following system property java.lang.System.setProperty(“https.protocols”,
“TLSv1,TLSv1.1,TLSv1.2”); or set the propety before starting the application with “java -Dhttps.protocols=”TLSv1,TLSv1.1,TLSv1.2″ MyAPP”

– To disable SSLv3 in embedded Jetty(v9.x)  setup the SslContextFactory



-For securing Tomcat 7 follow the following steps

-For protecting .NET WCF or client HTTPS invocatons endpoints by forcing them to use TLS always. Set it globally for each AppDomain via the System.Net.ServicePointManager.SecurityProtocol property when the application starts up.


System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

-Disabling SSLv3 on IIS7/8

C# : Working with .cab (cabinet) files

.NET does not have any classes for creating cabinet files out-of-box, so today I had to look what else is available out there. There are a couple of solutions I found for creating a .cab file from the .NET code. The one that actually worked for me was a library developed by Microsoft(!) as part of their Windows Installer XML (WiX) toolset. This toolset is distributed with a bunch of dlls as part of its SDK. The library that allows to create cabinet files is called Microsoft.Deployment.Compression.Cab and located under <WIX_Installation_Folder>\SDK.

In your project you need to add a reference to the Microsoft.Deployment.Compression.Cab.dll and to Microsoft.Deployment.Compression.dll (located under the same folder and has some base classes for types defined in the Microsoft.Deployment.Compression.Cab).

After doing this you can add files to a cabinet file from .NET with just a couple of line of code:

using Microsoft.Deployment.Compression.Cab;

//create a instance of Microsoft.Deployment.Compression.Cab.CabInfo
//which provides file-based operations on the cabinet file
CabInfo cab = new CabInfo(@”C:\”);

//create a list with files and add them to a cab file
List<string> filesToArchive = new List<string>() { @”C:\file1″, @”C:\file2″ };
cab.PackFiles(null, filesToArchive, null);

//add a folder (including subdirectories) to another cab file with a maximum compression level
cab = new CabInfo(@”C:\”);
cab.Pack(@”C:\folder”, true, Microsoft.Deployment.Compression.CompressionLevel.Max, null);

//unpack a cab file into C:\Unpacked folder

The library has an MSDN style help file located under <WIX_Installation_Folder>\doc\DTFAPI.chm.

Another dll that also comes with WiX toolset SDK is Microsoft.Deployment.Compression.Zip.dll that provides similar functionality for packing and unpacking zip files.


C# : Credentials management on windows 2008

I was looking at options to save credentials on Wnidows platform.The traditional way is registry or DB or filesystem.But then one has to keep an eye on security issues & other headaches that follow.

Then i saw this feature in W2K8 ,”Credentials Manager”. The API for it are in C/C++ , but i needed a solution in C#. So I triaged a bit & came across a solution for the same .

Another one :


How to supply dedicated credentials for webproxy authentication in WCF client – Part 2

In my previous blog about the same topic we talked about webproxy authentication in WCF client using configuration file changes.

But the same can be solved programmatically.I’m going to discuss the same here.Its pretty simple & straight forward!

In the code where you initialise you application much before any WCF service calls are made, insert the following piece of code

WebProxy wproxy = new WebProxy(“http://<proxy address>:<proxy port>”, true,null,new NetworkCredential(“<user name>”, “<user password>”,”<domain>”));
WebRequest.DefaultWebProxy = wproxy;

The WCF runtime will acquire proxy setting from WebRequest.DefaultWebProxy property if the <> and WCF <binding> remains useDefaultproxy as “true”.

Then you are done!

How to supply dedicated credentials for webproxy authentication in WCF client – Part 1

This fix assumes you have deployed the application & it is running under the credentials of the user with access to internet.Set the proxy in IE which is the default web proxy or for system web proxy use netsh to setup winhhtp proxy.

<basicHttpBinding …. useDefaultWebProxy=”Boolean”>

<defaultProxy useDefaultCredentials=”true”/>

useDefaultWebProxy:A Boolean value that specifies whether the auto-configured HTTP proxy of the system should be used, if available. The default is true.

The above settings will autheticate the user against the proxy for WCF clients

In my next post we will see how to do it programmatically

Reference :
1. For understanding System.serviceModel configuration refer Ref:
2. For understanding configuration refer refer Ref: Do read this section if your proxy configuration uses other mechansims like automatic detetcion,script etc.
3. A good short blog on the same topic as above :