UserName authentication for WCF WebService

Question

I am having an absolute nightmare trying to get this to work. Can someone please point me in the right direction or tell me where I am going wrong?

I have created a certificate which is located in LocalMachine\\My .

• I have a console application that hosts a WCF WebService.
• I have an ASP.NET website that connects to the WebService.

I have followed advice on this site and others and documentation but seem to be missing something as my ASP.NET website can still connect to the WebService without authentication.

So to summarise: the website connects to the web service fine which indicates the authentication isn't working as I have yet to tell the website what security settings it needs to connect to the webservice.

Thankyou in advance

Here is the info:

Console App (hosting WebService)

Program.cs

WebService Host (console app) uses the following code in

ServiceHost host = new ServiceHost(typeof(MyService));
host.Open();

App.Config (abbreviated)

<services>
  <service behaviorConfiguration="MetaDataBehaviour" name="MyService_Provider.MyService">
    <clear />
    <endpoint address="myService" binding="wsHttpBinding" contract="MyService_Provider.IMyService"
        listenUriMode="Explicit" />
    <host>
      <baseAddresses>
        <add baseAddress="http://localhost:8080" />
      </baseAddresses>
    </host>
  </service>
</services>

MyService Provider

App.Config (abbreviated)

 <system.serviceModel>
    <bindings />
    <client />
    <services>
      <service behaviorConfiguration="MyService_Provider.Service1Behavior"
        name="MyService_Provider.MyService">
        <endpoint address="" binding="wsHttpBinding" contract="MyService_Provider.IMyService">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:8732/Design_Time_Addresses/MyService_Provider/Service1/" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyService_Provider.Service1Behavior">
          <serviceMetadata httpGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyService_Provider.CredentialsValidator,MyService_Provider"/>
            <serviceCertificate findValue="mycert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

Answer 1

You haven't specified any security requirements for your service. Have a look at this article for an example of configuring a service to use certificates.