Common Security Solutions for WCF (IV)

Transmission security guaranteed by basic identity authentication

Demonstrate a Windows Communication Foundation (WCF) service and client. The server requires a valid X.509 Certificate for Secure Sockets Layer (SSL), and the client must trust this server certificate. In addition, the Web service already has an SSL implementation that can be used. For more information about enabling basic authentication in Internet Information Service (IIS), see http://go.microsoft.com/fwlink? LinkId = 83822 (may be an English webpage ).

Features	Description
Security Mode	Transmission
Interoperability	Interoperability with existing Web service clients and services
Authentication (server) Authentication (client)	Yes (Use HTTPS) Yes (by user name/password)
Integrity	Yes
Confidentiality	Yes
Transport	HTTPS
Bind	WSHttpBinding

Service

The following code and configuration will run independently. Perform one of the following operations:

• Use code instead of configuration to create an independent service.
• Use the provided configuration to create the service, but do not define any endpoints.

Code

The following code creates a service endpoint that uses the Windows domain user name and password to ensure transmission security. Please note that this service requires the use of X.509 Certificate for authentication to the client. For more information, see use certificates and how to: use SSL certificates to Configure Ports.

Configuration

The following describes how to configure a service to use Basic Authentication with transport-level security:

<?xml version="1.0" encoding="utf-8"?><configuration>    <system.serviceModel>        <bindings>            <wsHttpBinding>                <binding name="UsernameWithTransport">                    <security mode="Transport">                        <transport clientCredentialType="Basic" />                    </security>                </binding>            </wsHttpBinding>        </bindings>        <services>            <service name="BasicAuthentication.Calculator">                <endpoint address="https://localhost/Calculator"                          binding="wsHttpBinding"                           bindingConfiguration="UsernameWithTransport"                          name="BasicEndpoint"                           contract="BasicAuthentication.ICalculator" />            </service>        </services>    </system.serviceModel></configuration>

Client code

The following code demonstrates the client code including the user name and password. Note that this user must provide a valid Windows user name and password. The code used to return the user name and password is not displayed here. Use the dialog box or other interfaces to query user information.

Note:
The user name and password can only be set using code.

Configuration

The following code demonstrates client configuration.

Note:
You cannot use the configuration to set the user name and password. The configuration shown here must be expanded using code to set the user name and password.

<?xml version="1.0" encoding="utf-8"?><configuration>  <system.serviceModel>    <bindings>      <wsHttpBinding>        <binding name="WSHttpBinding_ICalculator" >          <security mode="Transport">            <transport clientCredentialType="Basic" />          </security>        </binding>      </wsHttpBinding>    </bindings>    <client>      <endpoint address="https://machineName/Calculator"                 binding="wsHttpBinding"                bindingConfiguration="WSHttpBinding_ICalculator"                 contract="ICalculator"                name="WSHttpBinding_ICalculator" />    </client>  </system.serviceModel></configuration>