Secure programming with the Siebel adapter

How Do I Protect Credentials When I Use the Add Adapter Service Reference Visual Studio Plug-in?

When you use the Add Adapter Service Reference Plug-in to create a WCF client, you must supply a user name and password for the Siebel system. You should only do this from the Security tab on the Configure Adapter dialog box. By entering the Siebel credentials from the Security tab instead of directly into the Uri field, you ensure the following:

  • The credentials will not be displayed in the Uri field of the Add Adapter Service Reference Plug-in dialog box where anyone with access to your computer screen can read them.

  • The credentials will not appear in the configuration file that the Add Adapter Service Reference Plug-in generates.

    For more information about how to generate a WCF client by using the Add Adapter Service Reference Plug-in, including how to enter a user name and password for the Siebel system, see Get Metadata for Siebel Operations in Visual Studio.

What Are Best Practices for Setting Credentials in Code?

WCF provides the ClientCredentials class to help you configure the credentials that a client communication object, such as a ChannelFactory, uses to authenticate itself with a service. By using the ClientCredentials class, you ensure that WCF takes whatever authentication mechanisms are specified in that object’s channel stack and applies them to the exchange between your client and the service.

Because the Siebel adapter is hosted in-process with its consuming application, it is not imperative to use the ClientCredentials class to set credentials on the client communication objects that the consuming application uses. It is, however, considered good practice to do so.

The Siebel adapter encourages the use of the ClientCredentials class through the AcceptCredentialsInUri binding property. This property specifies whether the adapter will accept the user name and password for the Siebel system in the connection URI. AcceptCredentialsInUri defaults to false, which means that the adapter will throw an exception if the connection URI contains credentials. You can set AcceptCredentialsInUri to true to supply credentials in the connection URI. In fact, you must do this in certain cases; for example, when you use the ServiceModel Metadata Utility Tool (svcutil.exe) to generate a WCF client class for Siebel system artifacts.

The following example shows how to use the Credentials class to set credentials for the Siebel system on a ChannelFactory.

// Create binding and endpoint  
SiebelBinding binding = new SiebelBinding();  
EndpointAddress endpointAddress = new EndpointAddress("siebel://Siebel_server:1234?SiebelObjectManager=obj_mgr&SiebelEnterpriseServer=entserver&Language=enu ");  
  
// Create the channel factory   
ChannelFactory<IRequestChannel> factory = new ChannelFactory<IRequestChannel>(binding, endpointAddress))  
  
// Set user name and password  
factory.Credentials.UserName.UserName = "YourUserName";  
factory.Credentials.UserName.Password = "YourPassword";  
  
// Open the channel factory  
factory.Open();  

The following example shows how to use the ClientCredentials class to set credentials for the Siebel system on a WCF client.

// Initialize a new client for the SQLEXECUTE operation from configuration   
BusinessObjects_Account_Account_OperationClient accountAccountClient = new BusinessObjects_Account_Account_OperationClient ("SiebelBinding_BusinessObjects_Account_Account_Operation");  
  
// Set user name and password  
accountAccountClient.ClientCredentials.UserName.UserName = "YourUserName";  
accountAccountClient.ClientCredentials.UserName.Password = "YourPassword";  
  
// Open the client  
accountAccountClient.Open();  

How Can I Provide for More Secure Data Exchange Across Process Boundaries?

The Siebel adapter is hosted in-process with the application or service that consumes it. Because the adapter is hosted in-process with the consumer, there is no need to provide security on messages exchanged between the consumer and the Siebel adapter. However, if the consuming application or service sends messages that contain sensitive database information across a process boundary to another service or client, you should take measures to provide adequate protection for this data in your environment. Windows Communication Foundation (WCF) provides many options for helping to secure messages sent between clients and services. For more information about helping to secure messages sent between clients and services in WCF, see Securing Services and Clients. For more general information about security features that WCF provides, see Windows Communication Foundation Security.

See Also

Secure your Siebel applications
Best practices to secure the Siebel adapter