WCF Security using custom username and password

Question

 

I would like to implement SECURITY for my WCF service. I am planning to use  custom username and password for validation.

<system.serviceModel>

    <services>

      <service name="WCFTestService.Service1" behaviorConfiguration="Service1.Service1Behavior">

        <host>

          <baseAddresses>

            <add baseAddress="http://localhost:3785/Service1.svc"/>

          </baseAddresses>

        </host>

        <endpoint address="username" binding="basicHttpBinding"

                  bindingConfiguration="https"

                  contract="WCFTestService.IService1"/>

        <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"/>

      </service>

    </services>

   

<bindings >

      <basicHttpBinding>

        <!-- configure BasicHttp binding with Transport security mode and

                             clientCredentialType as None-->

        <binding name="https" >

          <security mode="TransportWithMessageCredential">

            <message clientCredentialType="UserName"/>

          </security>

        </binding>

      </basicHttpBinding>

    </bindings>

<behaviors>

      <serviceBehaviors>

        <behavior name="Service1.Service1Behavior">

          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->

          <serviceMetadata httpGetEnabled="true"/>

          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->

          <serviceDebug includeExceptionDetailInFaults="true" />

          <serviceCredentials >

            <userNameAuthentication

                userNamePasswordValidationMode="Custom"

                customUserNamePasswordValidatorType="WCFTestService.CustomValidator,WCFTestService"/>

          </serviceCredentials>

        </behavior>

      </serviceBehaviors>

    </behaviors>

But the problem is , when I try to run the service I am getting following error.

“Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]. “

  I am stuck with this problem. Please help me.

Regards,

ranish

Answer 1

Hi,

You need HTTPS to test this scenario. You cannot host this service on http because of the security you enabled.

For more information of creating SSL refer to this.

http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis/

Thanks,

---

Welcome to MSDN Forums. Feel free to ask your questions and Please Note to Vote helpful topics and Mark answering posts. Sudhakar

Answer 2

I also faced the same  problem and solved it by the following steps..

1.I have hosted the service to IIS and and created a self sighned certificate.

2.In the action pane,select  bindings and added new site bindings with https and selected the SSL certificate.

3.Selected my Hosted WCF service and marked the  'require SSL' in the SSL settings..

So everything worked Fine..Thanks sudhakar..

---

Roshil K

Answer 3

Hello,
you use TransportWithMessageCredential as security. In this case the transport protocol "https" is used for encryption security.
Username and password are written in the soap header.
You can use TransportCredentialOnly for testing. It is very unsecure but you don't need https in testing environment.
Regards,
Timo

Answer 4

Thanks Sudhakar and Roshil

Answer 5

Hello 

I am new to WCF . I have implemeted a service . We had tested this in our local environment and on our local server , this seemed  fine . Now i have moved this to our clients server . We got a certificate created by the clients CA . I have completed the certificate request on IIS . I created a new website for this implementation , which has 2 services . 

I am using the below config , but when i browse the svc file on the service it gives me this error . i have tried various approaches suggested online but it doesnt help.

<?xml version="1.0"?>
<configuration>

  <system.web>
    <compilation targetFramework="4.0" />
  </system.web>
<appSettings>
<add key="FileTransferPath" value="c:\FileServer\"/>
    <add key="BackUpFileTransferPath" value="c:\BackedUpFiles\"/>
    <!--<add key="DBPath" value="C:\ProjectsSVN\MovenPathalogy\AppName\ClientsGPSystem\AppName.accdb"/>-->
    <add key="DBPath" value="C:\Program Files\ClientAppName\ClientAppNameServerSetup\AppName.accdb"/>
    <add key="DBPathx86" value="C:\Program Files (x86)\ClientAppName\ClientAppNameServerSetup\AppName.accdb"/>
</appSettings>
  <system.serviceModel>
 <services>
 <service name="FileTransfer.FileTransfer">
 <endpoint address="" binding="basicHttpBinding" contract="FileTransfer.IFileTransfer">
 <identity>
 <dns value="localhost" />
 </identity>
 </endpoint>
 <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
 <host>
 <baseAddresses>

      <add baseAddress="https://messaging.Clientandpartners.com/AppNameFileTransfer/" />  
</baseAddresses>
 </host>
 </service>
 </services>
 <behaviors>
 <serviceBehaviors>
 <behavior>
 <!-- To avoid disclosing metadata information, 
          set the value below to false and remove the metadata endpoint above before deployment -->
 <serviceMetadata httpGetEnabled="True"/>
 <!-- To receive exception details in faults for debugging purposes, 
          set the value below to true.  Set to false before deployment 
          to avoid disclosing exception information -->
 <serviceDebug includeExceptionDetailInFaults="False" />
 </behavior>
 </serviceBehaviors>
 </behaviors>
 
 <bindings>
      <basicHttpBinding>
        <binding name="basicHttpBinding_IFileTransfer"
          maxReceivedMessageSize="2147483647">
          <readerQuotas
            maxDepth="64"
            maxStringContentLength="2147483647"
            maxArrayLength="2147483647"
            maxBytesPerRead="4096"
            maxNameTableCharCount="16384"/>

          <security mode="Transport">
            <transport clientCredentialType="None"/>
          </security>
         
        </binding>
      </basicHttpBinding>

    </bindings>
  </system.serviceModel>
 <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

   <!--Turn on to log Trace-->
  <!--<system.diagnostics>
    <sources>
      <source name="System.ServiceModel"
              switchValue="Information, ActivityTracing"
              propagateActivity="true">
        <listeners>
          <add name="traceListener"
              type="System.Diagnostics.XmlWriterTraceListener"
              initializeData= "c:\logs\FileTransferTraces.svclog"/>
        </listeners>
      </source>
    </sources>
  </system.diagnostics>-->

</configuration>

Please Advise