All geek questions in one place

WCF Security in Internet Scripting

I have a WCF service hosted in a windows service. Clients from various platforms will get access to the service. Now I would like to add a basic security mechanism. Ideally, clients should use a username / password for authentication.

What binding parameters do I need to use in this scenario and how can I authenticate the client? Interoperability is more important than very secure solutions. If possible, the client should not be forced to use a certificate or the like. In addition, authentication does not have to be closely related to the SQL Server database. I would like to manually verify client credentials.

thanks for the help

+3
source share
2 answers

Your best bet would be BasicHttpBinding with security set to TransportWithMessageCredentials and the credential type set to UserName. In this case, your service will be protected by HTTPS (a server certificate for SSL is required, which must be trusted on the clients), and authentication will be provided at the message level using the UserName token profile (SOAP header). You can implement your own password validator .

BasicHttpBinding Configuration Summary:

<bindings>
  <basicHttpBinding>
    <binding name="Secured">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

HTTPS, HttpTransport, TextMessageEncoding , UserNameOverTransport. allowInsecureTransport true (, WSDL).

:

<bindings>
  <customBinding>
    <binding name="Secured">
      <security authenticationMode="UserNameOverTransport" allowInsecureTransport="true" />
      <textMessageEncoding messageVersion="Soap11" />
      <httpTransport />
    </binding>
  </cutomBinding>
</bindings>
+3

. "" : CodePlex

+1

Source: https://habr.com/ru/post/1767960/

More articles:


All Articles