WCF Authentication and security with transport


All replies

  • Hi,
      You are right.
      WCF has two security models:
      Transport and Message.
      As far as I know, most cases need the server to supply a certificate, no matter whether it is the Transport or Message security model.
      The only exception is Windows authentication.
      1. For Windows authentication, WCF will use the Windows domain account to validate the server and client.
       Windows authentication is the default setting for NetTcpBinding.
      It uses HTTPS to encrypt the data.
      2. For the Message security model, you need to create a certificate for the server; it is used to create TLS when negotiating with each other.
        If you use NetTcpBinding for message security, you do not need to create the certificate,
       but the clients and server must be in one domain.
      I have finished two samples for the Transport or Message security model using Windows authentication.
    You can download them here



    Frank Xu Lei -- Stay humble, stay hungry to learn
    Focus on Distributed Applications Development and EAI based on .NET
    Welcome to My Chinese Technical Blog
    Welcome to Microsoft Chinese WCF Forum
    Welcome to Microsoft English WCF Forum
    • Marked as answer by Maxus01 Wednesday, September 2, 2009 1:29 AM
    Tuesday, September 1, 2009 12:40 PM
  • That's correct. All the security models require a server certificate when the client credentials are not Windows credentials. When the service authenticates the client with Windows authentication, the session key in the Kerberos token is used to protect the communication as well.

    Pablo Cibraro - http://weblogs.asp.net/cibrax
    • Marked as answer by Maxus01 Wednesday, September 2, 2009 1:29 AM
    Tuesday, September 1, 2009 1:33 PM
  • Hi Frank Xu Lei and Pablo Cibraro,

    Thank you for your answers, they are perfect. I suspected as much but wanted to double check it. The WCF security model is a complex beast :)

    Thanks Again,

    P.S. I have been reading your blog since forever, Pablo, nice work.
    Wednesday, September 2, 2009 1:29 AM
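
The distinction the answers draw, shown as an added configuration example that is not part of the original thread or either poster's samples: one endpoint with Windows client credentials and no service certificate, and one with a non-Windows (UserName) client credential that needs one. The service and contract names, addresses, ports and certificate subject are constructed placeholders.

```xml
<!-- Added example; all names, addresses and the certificate subject are placeholders. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <!-- Case 1: Windows client credentials over transport security.
             Both sides authenticate with domain accounts; no service
             certificate is referenced by this binding. -->
        <binding name="tcpWindows">
          <security mode="Transport">
            <transport clientCredentialType="Windows"
                       protectionLevel="EncryptAndSign" />
          </security>
        </binding>
      </netTcpBinding>
      <wsHttpBinding>
        <!-- Case 2: the client credential is NOT a Windows credential
             (user name and password), so the service must present a
             certificate to authenticate itself and protect the messages. -->
        <binding name="httpUserName">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="withServiceCert">
          <serviceCredentials>
            <!-- Needed by the UserName endpoint; unused by the Windows one. -->
            <serviceCertificate findValue="example-service-cert"
                                storeLocation="LocalMachine" storeName="My"
                                x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="Example.OrderService" behaviorConfiguration="withServiceCert">
        <endpoint address="net.tcp://localhost:9000/orders" binding="netTcpBinding"
                  bindingConfiguration="tcpWindows" contract="Example.IOrderService" />
        <endpoint address="http://localhost:8000/orders" binding="wsHttpBinding"
                  bindingConfiguration="httpUserName" contract="Example.IOrderService" />
      </service>
    </services>
  </system.serviceModel>
</configuration>
```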