WCF UserName Authentication Certificate Question

  • Question

  • Hi Team,

    I have a WCF 3.0 service, shown below, with wsHttpBinding. It is hosted in a Windows Service. I would like to implement UserName/Password authentication by setting clientCredentialType="UserName".

    I was able to install the service as a Windows Service. However, when I start the service, I get the following error:

    Service cannot be started. System.InvalidOperationException: The ChannelDispatcher at 'http://localhost:8000/ServiceModelSamples/FreeServiceWorld' with contract(s) '"IWeather"' is unable to open its IChannelListener.

    ---> System.InvalidOperationException: The ChannelDispatcher at 'http://localhost:8000/ServiceModelSamples/FreeServiceWorld' with contract(s) '"IssueAndRenewSession"' is unable to open its IChannelListener.

    ---> System.InvalidOperationException: The service certificate is not provided. Specify a service certificate in ServiceCredentials.

    1. Is it possible to have username authentication without using a certificate?

    2. If I am not using a certificate, will the password always be sent as plaintext?

    3. How do I correct the configuration to work with clientCredentialType="UserName" and a certificate?

    4. How do I set the certificate for this (any articles)?

    Please advise

     

    I have read: Using cleartext username/password is usually not recommended. WCF does not natively allow us to use such scenario.

     

     

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.serviceModel>

        <bindings>
          <wsHttpBinding>
            <binding name="MyPasswordBinding">
              <security mode="Message">
                <message clientCredentialType="UserName"/>
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>

        <services>
          <service name="Lijo.Samples.WeatherService"
                   behaviorConfiguration="WeatherServiceBehavior">
            <host>
              <baseAddresses>
                <add baseAddress="http://localhost:8000/ServiceModelSamples/FreeServiceWorld"/>
              </baseAddresses>
            </host>
            <endpoint address=""
                      binding="wsHttpBinding"
                      bindingConfiguration="MyPasswordBinding"
                      contract="Lijo.Samples.IWeather" />
            <endpoint address="mex"
                      binding="mexHttpBinding"
                      contract="IMetadataExchange" />
          </service>
        </services>

        <behaviors>
          <serviceBehaviors>
            <behavior name="WeatherServiceBehavior">
              <serviceMetadata httpGetEnabled="true"/>
              <serviceDebug includeExceptionDetailInFaults="True"/>
            </behavior>
          </serviceBehaviors>
        </behaviors>

      </system.serviceModel>
    </configuration>

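    using System.ServiceModel;

    namespace Lijo.Samples
    {
        // Service contract exposed on the wsHttpBinding endpoint.
        [ServiceContract(Namespace = "http://Lijo.Samples")]
        public interface IWeather
        {
            [OperationContract]
            int GetSum(int a, int b);
        }

        // Service implementation hosted by the Windows Service.
        public class WeatherService : IWeather
        {
            public int GetSum(int a, int b)
            {
                return a + b;
            }
        }
    }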

     

    Thanks

    Lijo


    Thursday, April 21, 2011 9:21 AM

Answers

  • Hello,

    wsHttpBinding demands that the user name is sent over a secured channel. It means either HTTPS (also a certificate) in the case of TransportWithMessageCredential security mode or WS-Security with a service certificate in the case of Message security mode. The reason is that WCF supports only the user name token profile with a plain text password.

    To add a certificate to your service you must define serviceCredentials in your service behavior:

      <behaviors>
       <serviceBehaviors>
        <behavior name="WeatherServiceBehavior">
         <serviceMetadata httpGetEnabled="true"/>
         <serviceDebug includeExceptionDetailInFaults="True"/>
         <serviceCredentials>
          <serviceCertificate ... />
         </serviceCredentials>
        </behavior>
       </serviceBehaviors>
      </behaviors>
    
    The certificate must be installed in the Windows certificate store if you define it in configuration, and it must have a private key (the private key must also be accessible to the account running your service).

    There are workarounds to force WCF to send an unsecured token over HTTP, but for that you need a custom binding and either .NET 4.0 or a special KB fix from Microsoft.

    Best regards,
    Ladislav

    • Proposed as answer by Dan Rosanova Thursday, April 21, 2011 12:54 PM
    • Marked as answer by Yi-Lun Luo Wednesday, April 27, 2011 9:07 AM
    Thursday, April 21, 2011 11:37 AM
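
The three certificate conditions named in the answer (installed in the Windows store, has a private key, key readable by the service account) can be checked before the host opens, so a failure names the actual cause instead of surfacing as a ChannelDispatcher error. This is an added example, not code from the thread; the class name, the `LocalMachine`/`My` store choice and the subject name are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

static class ServiceCertificatePreflight
{
    // Placeholder subject name constructed for this example; use your own certificate's subject.
    const string SubjectName = "example-service-cert";

    // Returns the certificate only if it is in the store, has a private key,
    // and that key can be opened by the account this process runs as.
    public static X509Certificate2 Load()
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // FindBySubjectName is a substring match, so require exactly one hit.
            // validOnly is false so an untrusted test certificate is still found.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindBySubjectName, SubjectName, false);
            if (found.Count != 1)
                throw new InvalidOperationException(
                    "Expected one certificate for '" + SubjectName + "', found " + found.Count);

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key.");
            try
            {
                // Reading the property makes the provider open the key container; this
                // throws when the account lacks read permission on the key.
                if (cert.PrivateKey == null)
                    throw new InvalidOperationException("Private key could not be loaded.");
            }
            catch (CryptographicException ex)
            {
                throw new InvalidOperationException(
                    "Private key is not accessible to account " + Environment.UserName, ex);
            }
            return cert;
        }
        finally { store.Close(); }
    }

    // Call before host.Open(); binding and endpoints still come from the .config file.
    public static void Apply(ServiceHost host)
    {
        host.Credentials.ServiceCertificate.Certificate = Load();
    }
}
```

Run it under the same account as the Windows Service, since key-file permissions are evaluated per account.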