Transmission security guaranteed by basic identity authentication
Demonstrate a Windows Communication Foundation (WCF) service and client. The server requires a valid X.509 Certificate for Secure Sockets Layer (SSL), and the client must trust this server certificate. In addition, the Web service already has an SSL implementation that can be used. For more information about enabling basic authentication in Internet Information Service (IIS), see http://go.microsoft.com/fwlink? LinkId = 83822 (may be an English webpage ).
Features |
Description |
Security Mode |
Transmission |
Interoperability |
Interoperability with existing Web service clients and services |
Authentication (server) Authentication (client) |
Yes (Use HTTPS) Yes (by user name/password) |
Integrity |
Yes |
Confidentiality |
Yes |
Transport |
HTTPS |
Bind |
WSHttpBinding |
Service
The following code and configuration will run independently. Perform one of the following operations:
- Use code instead of configuration to create an independent service.
- Use the provided configuration to create the service, but do not define any endpoints.
Code
The following code creates a service endpoint that uses the Windows domain user name and password to ensure transmission security. Please note that this service requires the use of X.509 Certificate for authentication to the client. For more information, see use certificates and how to: use SSL certificates to Configure Ports.
Configuration
The following describes how to configure a service to use Basic Authentication with transport-level security:
<?xml version="1.0" encoding="utf-8"?><configuration> <system.serviceModel> <bindings> <wsHttpBinding> <binding name="UsernameWithTransport"> <security mode="Transport"> <transport clientCredentialType="Basic" /> </security> </binding> </wsHttpBinding> </bindings> <services> <service name="BasicAuthentication.Calculator"> <endpoint address="https://localhost/Calculator" binding="wsHttpBinding" bindingConfiguration="UsernameWithTransport" name="BasicEndpoint" contract="BasicAuthentication.ICalculator" /> </service> </services> </system.serviceModel></configuration>
Client code
The following code demonstrates the client code including the user name and password. Note that this user must provide a valid Windows user name and password. The code used to return the user name and password is not displayed here. Use the dialog box or other interfaces to query user information.
Note: |
The user name and password can only be set using code. |
Configuration
The following code demonstrates client configuration.
Note: |
You cannot use the configuration to set the user name and password. The configuration shown here must be expanded using code to set the user name and password. |
<?xml version="1.0" encoding="utf-8"?><configuration> <system.serviceModel> <bindings> <wsHttpBinding> <binding name="WSHttpBinding_ICalculator" > <security mode="Transport"> <transport clientCredentialType="Basic" /> </security> </binding> </wsHttpBinding> </bindings> <client> <endpoint address="https://machineName/Calculator" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ICalculator" contract="ICalculator" name="WSHttpBinding_ICalculator" /> </client> </system.serviceModel></configuration>