WCF Security - Transport Level Security with username password
Question
I wish to provide security for a webservice. I initially used BasicHttpBinding with Transport security (ssl) and message security (to pass username and password for Custom Username Password Validation)...
But the consumers of the web service said they cant add a header to the soap message with security details.. and said they would like to pass it on the communication channel for the service.
Is it possible to do custom validation of user, with transport security with WCF?? I can't get it working :(
Any suggestions?
thanks Neil
1 answers
solution1
3 ACCPTED 2013-06-27 17:54:53
I think your consumers are asking for Basic Authentication. That is, where the authentication token is passed in the HTTP Authorization header rather than in the SOAP security header. Confidentiality of the credentials will be provided only by the transport (HTTPS).
The binding configuration for this is:
<basicHttpBinding>
<binding name="HTTPSwithBasicAuthentication">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
On the client, you set the credentials like this
serviceClient.ClientCredentials.UserName.UserName = "username";
serviceClient.ClientCredentials.UserName.Password = "password";
Assuming your service is hosted in IIS, remember to enable Basic Authentication in the IIS configuration.
To do the actual authorization of the users you will could implement a custom ServiceAuthorizationManager to contain your authorization logic. There are lots of examples of how to do that last part on the web.
Alternatively you could configure in a standard ASP.Net membership provider if that is appropriate for your application.
http://msdn.microsoft.com/en-us/library/bb398990(VS.100).aspx
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.