在WCF中启用不带SSL的基本HttpBinding

Question

The idea here is that for my testing, before I commit to purchasing the SSL certificate, I want to enable the WCF service in non-ssl mode. I've done it in the past using this code, but for the life of me, cannot figure out how to translate it into the web.config file.

If someone can put me in the right direction on how you would go about this translation, that would be much appreciated.

                Binding basicBinding = null;
                if (RegistryConnectionStringFactory.UseSslForCommunications)
                {
                    basicBinding = new BasicHttpBinding();
                    (basicBinding as BasicHttpBinding).Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
                    (basicBinding as BasicHttpBinding).Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;

                    creds.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.MembershipProvider;
                    creds.UserNameAuthentication.MembershipProvider = Membership.Provider;
                }
                else
                {
                    HttpTransportBindingElement transport = new HttpTransportBindingElement()
                    {
                        AuthenticationScheme = System.Net.AuthenticationSchemes.Basic
                    };
                    basicBinding = new CustomBinding(transport);

                    svcHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new AspNetUsernamePasswordValidator();
                    svcHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
                }

Answer 1

What is wrong with configuration based approach for BasicHttpBinding? You simply use TransportWithMessageCredential and UserName credentials for communication over HTTPS or TransportCredentialOnly and Basic credentials for communication over HTTP.

Answer 2

This is an extreme but you can allow anonymous and non-SSL by setting the security mode to "none". Anonymous might also affect your testing so probably not recommended.

<binding name="HttpBasicSecurityConfig">
  <security mode="None">
  </security>
</binding>

From http://msdn.microsoft.com/en-us/library/ms731172.aspx :

Transport Credentials in Bindings

Type   Description
None   Specifies that the client does not need to present any credential. This translates to an anonymous client.

Answer 3

Because your post suggests that want to do this to avoid purchasing an SSL certificate before your testing is complete, I wanted to ask: To save yourself some time, could you just create your own self-signed certificate using makecert ?

If so, these notes might be of some help.

To create root certificate key files...

makecert  -r -pe -n "CN=My Own Authority,O=My Company,C=US" -ss CA -sr CurrentUser -a sha1 -sky signature -sv mycert.pvk mycert.cer

To create a .PFX file...

makecert -pe -n "CN=localhost" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic mycert.cer -iv mycert.pvk -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv localhost.pvk localhost.cer
pvk2pfx -pvk localhost.pvk -spc localhost.cer -pfx localhost.pfx

Then, using the Certificates snap-in, import the mycert.cer file into the Trusted Root Certification Authorities on the local computer to tell those apps running on the local machine that any certificate signed by your own authority is trustworty.

Next, you import the localhost.pfx file into the Personal store on the local computer. (Doing this makes the certificate available to IIS so that it may declare itself, by your own authority, to be the server named "localhost".)

There's a detailed descripton of how to import the .PFX file into IIS 7 here: http://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm

Answer 4

I was looking at something similar today as well but my knowledge isn't 100% complete.

For the binding you will need to do something like this:

   <bindings>
  <customBinding>
    <binding name="CustomBinding">
      <httpTransport authenticationScheme="Basic"/>
    </binding>
  </customBinding>

Then you need to create a serviceBehaviour for the custom validation:

        <behavior name="serviceBehavior" >
      <serviceAuthorization principalPermissionMode="UseAspNetRoles"roleProviderName="CustomRolesProvider" />
      <serviceCredentials>
        <userNameAuthentication customUserNamePasswordValidatorType ="AspNetUsernamePasswordValidator [Fully qualified name]" userNamePasswordValidationMode="Custom" />
      </serviceCredentials>

obviously not tested but a similar config just worked for me and it may get you started...