| title | description | ms.date | dev_langs | ms.assetid | ||
|---|---|---|---|---|---|---|
Transport Security with Basic Authentication |
Review this WCF scenario, which shows basic authentication for a WCF service and client. The service needs a valid certificate that the client trusts. |
03/30/2017 |
|
b54f491d-196b-4279-876c-76b83ec0442c |
The following illustration shows a Windows Communication Foundation (WCF) service and client. The server needs a valid X.509 certificate that can be used for Secure Sockets Layer (SSL), and the clients must trust the server’s certificate. Further, the Web service already has an SSL implementation that can be used. For more information about enabling basic authentication on Internet Information Services (IIS), see Basic Authentication.
| Characteristic | Description |
|---|---|
| Security Mode | Transport |
| Interoperability | With existing Web service clients and services |
| Authentication (Server) Authentication (Client) |
Yes (using HTTPS) Yes (through User name/Password) |
| Integrity | Yes |
| Confidentiality | Yes |
| Transport | HTTPS |
| Binding | xref:System.ServiceModel.WSHttpBinding |
The following code and configuration are meant to run independently. Do one of the following:
-
Create a stand-alone service using the code with no configuration.
-
Create a service using the supplied configuration, but do not define any endpoints.
The following code shows how to create a service endpoint that uses a Windows domain user name and password for transfer security. Note that the service requires an X.509 certificate to authenticate to the client. For more information, see Working with Certificates and How to: Configure a Port with an SSL Certificate.
[!code-csharpC_SecurityScenarios#1] [!code-vbC_SecurityScenarios#1]
The following configures a service to use basic authentication with transport-level security:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="UsernameWithTransport">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="BasicAuthentication.Calculator">
<endpoint address="https://localhost/Calculator"
binding="wsHttpBinding"
bindingConfiguration="UsernameWithTransport"
name="BasicEndpoint"
contract="BasicAuthentication.ICalculator" />
</service>
</services>
</system.serviceModel>
</configuration> The following code shows the client code that includes the user name and password. Note that the user must provide a valid Windows user name and password. The code to return the user name and password is not shown here. Use a dialog box or other interface to query the user for the information.
Note
User name and password can only be set using code.
[!code-csharpC_SecurityScenarios#2] [!code-vbC_SecurityScenarios#2]
The following code shows the client configuration.
Note
You cannot use configuration to set the user name and password. The configuration shown here must be augmented using code to set the user name and password.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ICalculator" >
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://machineName/Calculator"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_ICalculator"
contract="ICalculator"
name="WSHttpBinding_ICalculator" />
</client>
</system.serviceModel>
</configuration> - xref:System.ServiceModel.ClientBase%601.ClientCredentials%2A
- xref:System.ServiceModel.Security.UserNamePasswordClientCredential
- Working with Certificates
- How to: Configure a Port with an SSL Certificate
- Security Overview
- <clientCredentials>
- Security Model for Windows Server App Fabric