WCF authentication without certificate
Question
I'm setting up a WCF service. The service has to use transport security over https and I need to use some kind of authentication to prevent unwanted usage.
Digging in to WCF theory has disapointed me so far.
What I have found out so far is that I can use UserName authentication with transport security. But then I will need a certificate to secure the message.
And this makes it difficult to consume with most .NET languages.
I am surprised that I cannot find any good information on how to authenticate a user with wcf without message security?
What I would like is that the client passes username and password in some way to my service.
And for the record. The service will be using transport security.
To break it down:
- How can I implement authentication without limiting interoperability?
- Is WCF services so cumbersome that I either have to use a completely open service. And use IP filtering or VPN to restrict access?
UPDATE: Since I am planing to use https with a SSL sertificate, will security mode "TransportWithMessageCredential" be the solution for me?
2 answers
solution1
1 2012-11-28 21:02:09
The only way to get REAL security IS to use digital certificates.
See my own question on this topic for details.
solution2
0 ACCPTED 2012-11-28 21:33:44
您确实正在寻找TransportWithMessageCredential(又名混合模式安全性)。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.