none
How to disable WCF security

    Question

  • I'm trying to disable WCF security in IIS-hosted WCF service with wsHttpbinding (WCF release).

    I guess I should set <security mode="None">, but the question is where (in which configuration sections) this node should be placed? Nothing works so far for me. Can anybody forward a sample of working configurations (full content of web.config files) with disabled security - both for client and server side?

    Thanks,

    Igor

    Friday, November 10, 2006 2:40 PM

Answers

  • Ok, figured it out - so I can answer my own question now . Here is the configuration that finally works:


    Server:

    <system.serviceModel>

    <bindings>

    <wsHttpBinding>

    <binding name="Binding1">

    <security mode="None">

    <transport clientCredentialType="None" />

    <message establishSecurityContext="false" />

    </security>

    </binding>

    </wsHttpBinding>

    </bindings>

    <services>

    <service name="MyService">

    <endpoint binding="wsHttpBinding" bindingConfiguration="Binding1" contract="IMyContract" />

    </service>

    <services>

    ...


    Client:

    <system.serviceModel>

    <bindings

    <!-- same as on server side -->

    <wsHttpBinding>

    <binding name="Binding1">

    <security mode="None">

    <transport clientCredentialType="None" />

    <message establishSecurityContext="false" />

    </security>

    </binding>

    </wsHttpBinding>

    </bindings>

    <client>

    <endpoint address=http://localhost/MySite/MyService.svc binding="wsHttpBinding" bindingConfiguration="Binding1" contract="IMyContract" name="IMyContract">

    <identity>

    <userPrincipalName value="my_machine\ASPNET" />

    </identity>

    </endpoint>

    </client>

    ....

     

    Friday, November 10, 2006 4:07 PM

All replies

  • Ok, figured it out - so I can answer my own question now . Here is the configuration that finally works:


    Server:

    <system.serviceModel>

    <bindings>

    <wsHttpBinding>

    <binding name="Binding1">

    <security mode="None">

    <transport clientCredentialType="None" />

    <message establishSecurityContext="false" />

    </security>

    </binding>

    </wsHttpBinding>

    </bindings>

    <services>

    <service name="MyService">

    <endpoint binding="wsHttpBinding" bindingConfiguration="Binding1" contract="IMyContract" />

    </service>

    <services>

    ...


    Client:

    <system.serviceModel>

    <bindings

    <!-- same as on server side -->

    <wsHttpBinding>

    <binding name="Binding1">

    <security mode="None">

    <transport clientCredentialType="None" />

    <message establishSecurityContext="false" />

    </security>

    </binding>

    </wsHttpBinding>

    </bindings>

    <client>

    <endpoint address=http://localhost/MySite/MyService.svc binding="wsHttpBinding" bindingConfiguration="Binding1" contract="IMyContract" name="IMyContract">

    <identity>

    <userPrincipalName value="my_machine\ASPNET" />

    </identity>

    </endpoint>

    </client>

    ....

     

    Friday, November 10, 2006 4:07 PM
  • When I use the specified binding configurations, I get a ServiceActivationException with message "Unrecognized attribute 'establishSecurityContext'". The <transport> tag is also flagged as erroneous and has no itellisense support.

    I'm currently using VS 2008 and .NET 3.5 SP1. It's been along time since this post was written, have the configurations shown here been deprecated? If so, what now is the current way to disable security?

    Wednesday, February 11, 2009 3:32 PM
  • I just realized I'm an idiot, I'm using a wsDualHttpBinding. I can verify that the configuration in this post does indeed work for wsHttpBinding, but not for a dual binding.

    So, my actual question is how do you disable security for a dual binding if it's even possible?
    Wednesday, February 11, 2009 3:48 PM
  • Hi,

          wsDualHttpBinding supports only Message Security. So you are getting errors for transport etc. tags. I suggest you WCF Service Configuration Editor (right click your config file in VS.NET to find it). Just make <security mode="None" /> to unsecure wsDualHttpBinding.

    Wednesday, April 15, 2009 11:42 AM
  • hello, I have similar issue, can you please tell me if this will work for TCP protocol with Self Hosted service rather using IIS. 


    I create service config this way: 


     host = new ServiceHost(typeof(FrontService), new Uri(URI));

                   NetTcpBinding binding = CreateTCPBinding();

                   host.AddServiceEndpoint(typeof(
                        IFrontService),
                        binding, URI);

     host.Open();
    /helper method

        private NetTcpBinding CreateTCPBinding()
            {
                NetTcpBinding binding = new NetTcpBinding();
                binding.TransferMode = TransferMode.Streamed;
                binding.ReceiveTimeout = TimeSpan.MaxValue;
                binding.MaxReceivedMessageSize = long.MaxValue;
                binding.MaxBufferSize = int.MaxValue;
                binding.MaxBufferPoolSize = int.MaxValue;
                binding.CloseTimeout = TimeSpan.MaxValue;
                binding.OpenTimeout = TimeSpan.MaxValue;
                binding.SendTimeout = TimeSpan.MaxValue;

                return binding;
            }

    and client: (binding and address are same)


       using (ChannelFactory<IFrontService> channel = new ChannelFactory<IFrontService>(binding, address))
                {

                    IFrontService uploader = channel.CreateChannel();

    //calling some method
    }

    C# developer
    Friday, August 28, 2009 9:50 PM