internet-unsecured-client-and-service.md

description	title	ms.date	dev_langs	ms.assetid
Learn more about: Internet Unsecured Client and Service	Internet Unsecured Client and Service	03/30/2017	csharp vb	97a10d79-3e7d-4bd1-9a99-fd9807fd70bc

Internet Unsecured Client and Service

The following illustration shows an example of a public, unsecured Windows Communication Foundation (WCF) client and service:

Characteristic	Description
Security Mode	None
Transport	HTTP
Binding	xref:System.ServiceModel.BasicHttpBinding in code, or the <basicHttpBinding> element in configuration.
Interoperability	With existing Web service clients and services
Authentication	None
Integrity	None
Confidentiality	None

Service

The following code and configuration are meant to run independently. Do one of the following:

• Create a stand-alone service using the code with no configuration.

• Create a service using the supplied configuration, but do not define any endpoints.

Code

The following code shows how to create an endpoint with no security. By default, the xref:System.ServiceModel.BasicHttpBinding has the security mode set to xref:System.ServiceModel.BasicHttpSecurityMode.None.

[!code-csharpC_UnsecuredService#1] [!code-vbC_UnsecuredService#1]

Service Configuration

The following code sets up the same endpoint using configuration.

<?xml version="1.0" encoding="utf-8"?>  
<configuration>  
  <system.serviceModel>  
    <behaviors />  
    <services>  
      <service behaviorConfiguration="" name="ServiceModel.Calculator">  
        <endpoint address="http://localhost/Calculator"
                  binding="basicHttpBinding"  
                  bindingConfiguration="Basic_Unsecured"
                  name="BasicHttp_ICalculator"  
                  contract="ServiceModel.ICalculator" />  
      </service>  
    </services>  
    <bindings>  
      <basicHttpBinding>  
        <binding name="Basic_Unsecured" />  
      </basicHttpBinding>  
    </bindings>  
    <client />  
  </system.serviceModel>  
</configuration>  

Client

The following code and configuration are meant to run independently. Do one of the following:

• Create a stand-alone client using the code (and client code).

• Create a client that does not define any endpoint addresses. Instead, use the client constructor that takes the configuration name as an argument. For example:

  [!code-csharpC_SecurityScenarios#0] [!code-vbC_SecurityScenarios#0]

Code

The following code shows a basic WCF client that accesses an unsecured endpoint.

[!code-csharpC_UnsecuredClient#1] [!code-vbC_UnsecuredClient#1]

Client Configuration

The following code configures the client.

<?xml version="1.0" encoding="utf-8"?>  
<configuration>  
  <system.serviceModel>  
    <bindings>  
      <basicHttpBinding>  
        <binding name="BasicHttpBinding_ICalculator" >  
          <security mode="None">  
          </security>  
        </binding>  
      </basicHttpBinding>  
    </bindings>  
    <client>  
      <endpoint address="http://localhost/Calculator/Unsecured"  
          binding="basicHttpBinding"
          bindingConfiguration="BasicHttpBinding_ICalculator"  
          contract="ICalculator"
          name="BasicHttpBinding_ICalculator" />  
    </client>  
  </system.serviceModel>  
</configuration>  

See also

• Common Security Scenarios
• Security Overview
• Security Model for Windows Server App Fabric