locked
WCF Authentication RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I would like to implement Authentication in my WCF
    application.

    As per requirement I want to implement Custom user Authentication.

    What is the best way to implement Custom user Authentication?

    In my research I found that “TransportWithMessageCredential”
    type .  
    <    security mode="TransportWithMessageCredential">

               <message clientCredentialType="UserName"/>


    Is this the Correct option?

    When I tried to run the service I got the following error

    Could not find a base address that
    matches scheme https for the endpoint with binding BasicHttpBinding. Registered
    base address schemes are [http].”


     After that I have
    hosted the service in my local IIS and assisgned self-signed certificate
    and  enbled SSL certificate(Checked the “Require
    SSL” under SSL settings). Then I found that my service is Working.  Later I have Unchecked the “Require SSL”
    under SSL settings .That time also found 
    My service is working.

    Does it require to Check the “Require SSL” checkbox  for this type of Authentication?

    Also please let me know is this the right way  for WCF Authentication?

    Regards,

    Ranish


    Friday, March 2, 2012 5:13 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Please refer to these posts

    http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/6ce77a50-99d2-430f-9abf-7eb05ab24282

    http://social.msdn.microsoft.com/forums/en-us/wcf/thread/8D88C154-6D55-4BD8-9C86-96BF8D7404E1

    Welcome to MSDN Forums. Feel free to ask your questions and Please Note to Vote helpful topics and Mark answering posts. Sudhakar

    • Proposed as answer by Anup Hosur Friday, March 2, 2012 11:46 AM
    • Marked as answer by Yi-Lun Luo Thursday, March 8, 2012 9:50 AM
    Friday, March 2, 2012 9:21 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    The SSL setting in IIS is specific to client certificates. If your service is configured for 2 way SSL and the client needs to provide an SSL then this setting of IIS needs to be used along with your configuration specified in the config file.

    If its just one way SSL i.e. only your transport channel is secured then this option should not make any difference in your case.

    Rajesh S V

    • Marked as answer by Yi-Lun Luo Thursday, March 8, 2012 9:50 AM
    Friday, March 2, 2012 11:22 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Ranish,

    The "TransportWithMessageCredential" binding means that you need to secure the WCF message transfer at transport layer. And for HTTP based binding, that means you need to use HTTPS channel for your WCF service endpoint. And for authentication, it still uses the authenticaiton methods you defined at WCF message layer(such as the username authentiction you specified).

    After you configured the SSL certificate and check "required ssl" in IIS, your service starts working. And the "Required SSL" means that you will force the certain IIS application virtual directory or files be accessed through HTTPS/SSL channel. For your case, I think you should check "Require SSL" because your WCF service is demanding the HTTS/SSL secure channel at transport layer.

    #Require Secure Sockets Layer (IIS 7)
    http://technet.microsoft.com/en-us/library/cc732367(v=WS.10).aspx

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Marked as answer by Yi-Lun Luo Thursday, March 8, 2012 9:50 AM
    Monday, March 5, 2012 4:01 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Please refer to these posts

    http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/6ce77a50-99d2-430f-9abf-7eb05ab24282

    http://social.msdn.microsoft.com/forums/en-us/wcf/thread/8D88C154-6D55-4BD8-9C86-96BF8D7404E1

    Welcome to MSDN Forums. Feel free to ask your questions and Please Note to Vote helpful topics and Mark answering posts. Sudhakar

    • Proposed as answer by Anup Hosur Friday, March 2, 2012 11:46 AM
    • Marked as answer by Yi-Lun Luo Thursday, March 8, 2012 9:50 AM
    Friday, March 2, 2012 9:21 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    The SSL setting in IIS is specific to client certificates. If your service is configured for 2 way SSL and the client needs to provide an SSL then this setting of IIS needs to be used along with your configuration specified in the config file.

    If its just one way SSL i.e. only your transport channel is secured then this option should not make any difference in your case.

    Rajesh S V

    • Marked as answer by Yi-Lun Luo Thursday, March 8, 2012 9:50 AM
    Friday, March 2, 2012 11:22 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Ranish,

    The "TransportWithMessageCredential" binding means that you need to secure the WCF message transfer at transport layer. And for HTTP based binding, that means you need to use HTTPS channel for your WCF service endpoint. And for authentication, it still uses the authenticaiton methods you defined at WCF message layer(such as the username authentiction you specified).

    After you configured the SSL certificate and check "required ssl" in IIS, your service starts working. And the "Required SSL" means that you will force the certain IIS application virtual directory or files be accessed through HTTPS/SSL channel. For your case, I think you should check "Require SSL" because your WCF service is demanding the HTTS/SSL secure channel at transport layer.

    #Require Secure Sockets Layer (IIS 7)
    http://technet.microsoft.com/en-us/library/cc732367(v=WS.10).aspx

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Marked as answer by Yi-Lun Luo Thursday, March 8, 2012 9:50 AM
    Monday, March 5, 2012 4:01 AM