Last post Jun 10, 2013 09:21 PM by sapator
Jun 05, 2013 09:16 PM|sapator|LINK
Hi. I am able to use WCF services but i have one question. I am looking at securing the WCF using authentication and membership database when data is passed to an asp.net application. My question is, do i need to add a certificate to the server in order
for the membership to work? Right now i can pass the username-password combination but no matter what credentials i may give the service will always go through unblocked. So do i have to use a certificate or is there another way?
Jun 06, 2013 11:31 PM|Amy Peng - MSFT|LINK
It seems that you are using the username anthentication withe message security.
In order to provide message protection at the message level, you need to install and configure a service certificate as service credentials.
For more information, please try to refer to:
Hope it can help you,
Jun 07, 2013 07:32 PM|sapator|LINK
Hi. Thanks. I see that you can only use HttpBinding in Internet security. I also read that you can only use Transport or Message security for internet so i got curious when you said i was using username anthentication with message security. Am i doing something
wrong because i have set security to transport on web.config. In general what do you suggest as a security model for internet WCF solution?
Also is there any possible way to avoid a certificate on IIS or WCF needs a certificate for internet security with transport?
Jun 09, 2013 09:25 PM|Amy Peng - MSFT|LINK
I am sorry for the late reply.
With transport security, the service credentials are negotiated by default. When using HTTP bindings, the WCF service typically is hosted in Internet information Services (IIS) and the transport security is provided by SSL. The SSL certificate
is used to provide the message protection.
So in my mind it is not possible.
Hope it can help you.
Jun 10, 2013 02:07 AM|sapator|LINK
That's a pitty,
Is there a specific certificate i should have in mind?
Jun 10, 2013 02:20 AM|Amy Peng - MSFT|LINK
The X.509 certificates can be very easy to use, please try to refer to:
# simple steps to enable X.509 certificates on WCF:
Jun 10, 2013 09:21 PM|sapator|LINK
Thanks. Will have a look one of these days and post if i have any problem.