WCF service username/password authentication over HTTP without SSL
Question
I would like to protect a simple WCF service sending username and password from the client and using a CustomUserNamePasswordValidator. With every example I try on the Web I am stuck behind huge configurations and obscure errors, SSL, certificates, etc...
The most similar alternative (to let you understand better) would be to pass a "serviceUsername" and "servicePassword" parameter (maybe hashed) to each and every method of the service and perform authentication here, but I admit it's an ugly and dirty solution.
I don't mind encrypting credential, because it won't be a security critical service. I need only a basic form of protection.
Thank you!
Alessandro
1 answers
solution1
5 2012-02-08 10:34:32
In order to use Username/password authentication with BasicHttpBinding you cannot achieve as WCF imposes a restriction of passing username/password in clear text over the channel.
In order to overcome this issue we have something called ClearUserNameBinding . This binding allows you to pass username/password over the channel which is similar to BasicHttpBinding
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.