WCF Service Configuration to use AspNetSqlMembershipProvider and Secure transport Message RRS feed

  • Question

  • User-710473486 posted

    Hi i have a some wcf service in a silverlight project everything works excellent except one problem. i want to encrypt the message transported over the wire, if i use a sniffer tool like fidler i can see the objects in clear text including the user name and password. My wcf service uses AspNetSqlMembership, i want to configure my service to use both AspNetSqlMembership and secure message over wire how to achive this, below are some of my wcf configuration sections. Thanks

            <service name="WcfServiceLibrary.Common">
            <endpoint binding="customBinding" bindingConfiguration="CustBind"
              contract="WcfServiceLibrary.Common" />
            <behavior name="">
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="True" />
              <serviceDebug includeExceptionDetailInFaults="true" />
                <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
                  membershipProviderName="AspNetSqlMembershipProvider" />
            <binding name="CustBind">        
              <security authenticationMode="UserNameOverTransport" />         

    Wednesday, September 4, 2013 1:03 AM

All replies

  • User260886948 posted


    If you want to secure transport Message, please try to use the SSL, then it will encrypt communications. SSL requires a digital certificate, so then you should create and specify a certificate to use.

    For more information, please try to refer to these following articles:

    #Securing WCF Services: Using ASP.NET Membership & Role Providers:
    http://burcakcakiroglu.com/?p=2113 .

    #WCF Security - Implementation:
    http://blog.csdn.net/riverlau/article/details/6947454 .

    Best Regards.

    Wednesday, September 4, 2013 11:03 PM
  • User-710473486 posted

    Thanks for the reply the article link u shared was of great help. I configured my iis to use ssl, which is self created using iis tool and wcf to use basicHTTPbinding with Transport mode security everyting works fine but still same problem if i use filder i can see the soap messages inclusind the username and password. is there anything i m missing or else self signed cert dont work. Thanks

    Thursday, September 5, 2013 4:59 AM