none
Need to get all list for different kind of authentication exist for wcf RRS feed

  • Question

  • i like to know the name of all different kind of authentication used for wcf. i know one of them that is form auth.

    please get me the list of all different kind of authentication people may used for wcf. thanks

    Friday, November 13, 2015 10:01 AM

Answers

  • WCF supports the following six security modes:

    •None. Messages are not secured.
    •Transport. Messages are secured using transport security.
    •Message. Messages are secured using message security.
    •TransportWithMessageCredential. Message protection and authorization occur at the transport level and credentials are passed with the message.
    •TransportCredentialOnly. Credentials are passed at the transport level but the message is not encrypted. This option is available only if you are using the BasicHttpBinding binding.
    •Both. Messages are secured using both transport level and message level security. This is supported only if you are using Microsoft Message Queue Server.

    WCF also supports the following credential types when you are using transport level security:

    •Windows. The client uses a Windows token representing the logged in user’s Windows identity. The service uses the credentials of the process identity or an SSL certificate.
    •Basic. The client passes a user name and password to the service. Typically, the user will enter the user name and password in a login dialog box. The service uses a SSL certificate. This option is available only with HTTP protocols.
    •Certificate. The client uses an X.509 certificate and the service uses either that certificate or an SSL certificate.
    •NTLM. The service validates the client using a challenge/response scheme against Windows accounts. The service uses a SSL certificate. This option is available only with HTTP protocols.
    •None. The service does not validate the client.

    ..and the following credential types when you are using message level security:
    •Windows. The client uses a Windows token representing the logged in user’s Windows identity. The service uses the credentials of the process identity or an SSL certificate.
    •UserName. The client passes a user name and password to the service. Typically, the user will enter the user name and password in a login dialog box. The service can validate the user name and password using a Windows account or the ASP.NET membership provider.
    •Certificate. The client uses an X.509 certificate and the service uses either that certificate or an SSL certificate.
    •IssueToken. The client and service use the Secure Token Service, which issues tokens the client and service trust. Windows CardSpace uses the Secure Token Service.
    •None. The service does not validate the client.

    Please refer to the documentation for more information: https://msdn.microsoft.com/en-us/library/ff405740.aspx

    Hope that helps.

    Please remember to close your threads by marking helpful posts as answer and then start a new thread if you have a new question. Please don't ask several questions in the same thread.

    • Marked as answer by Mou_kolkata Saturday, November 14, 2015 12:08 PM
    Friday, November 13, 2015 3:59 PM