WCF public web service security using username, password

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: AardvarkHunter <AardvarkHunter@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 28 Jul 2009 08:30:02 -0700

---

Hi,
What's the easiest way to secure a public-facing WCF web service? It seems
like the client should be able to create a proxy through the WSDL and call
this but mine's not working. I'm tweaking the bindings in my config and
trying to implement a BasicAuthenticationModule in the httpModules section of
the config like I've seen in some online samples, but nothing is working.

Service1Client sc = new Service1Client();
sc.ChannelFactory.Credentials.UserName.UserName = "name";
sc.ChannelFactory.Credentials.UserName.Password = "pwd";

string data = sc.GetData(1);
MessageBox.Show(data);

My WCF web service will then need to read these values and authenticate
against a custom datastore.

In production the Webservice will be over https, but testing on my pc won't
be (if that matters). If testing needs to be https to make things simpler I
believe I can spoof a secure layer.

The facts:
I'm using dotnet 3.5. Volume on the WS will be low. I have a few cases
where the parameters coming into the ws need to very secure, but the data
going out is not as confidential, so I don't the highest level of security
available.

Thanks in advance,
Greg
.

---

• Prev by Date: Re: web camera
• Next by Date: Exception
• Previous by thread: web camera
• Next by thread: Exception
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Is this REALLY a secure site? ... >> How can anyone really know if an SSL or HTTPS connection is truly ... Even if it is theoretically secure ... major credit card company wound up making the authorization against my ... > site uses a numerical IP address: those are always bogus. ... (microsoft.public.windowsxp.general) Re: Secure an upload page ... The most secure way to do downloads might be to use NTFS ... If the upload page ... I am using https ... (microsoft.public.inetserver.iis.security) Re: At What Point Does the Security Begin? ... All secure forms examine this variable, and if empty redirect to the ... all pages behind the login are posted through SSL. ... in which I understand .NET uses a cookie behind ... not secure (it's called at http, not https) but posts to a page ... (microsoft.public.dotnet.security) Re: Ethernet cable question. ... I have developed Web HTTPS site ... solutions on the server and on the client end. ... *CAN* be secure. ... (microsoft.public.windows.vista.general) Re: Setting up HTTPS w/subdomain on Apache2 ... Secure data transfer ... The docs recommended using SSL, ... I'm mistaken, HTTP w/SSL = HTTPS. ... Authentication would be basic or digest (Personally I'm using basic ... (Ubuntu)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.framework.webservices  > 2009-07