Wcf TransportCredentialOnly mode: Basic clear text credentials over unsecured transport

Damir Dobric Posts

Next talks:

 

    

Follow me on Twitter: #ddobric



 

 

Archives

During development of WCF communication, you can have a requirement to establish the communication over secured transport by using of SSL. In that case the transport security should be used:

 

<security mode="Transport">

 

Note that in this case in the endpoint configuration a HTTPS address has to be specified. However, if the address specified in the endpoint uses HTTP protocol instead of HTTPS InvalidOperationException is thrown:

 

Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]

 

This is because WCF does not permit sending of the clear password over unsecured transport. Unfortunately, in the test environment it is not always possible to install quickly the completed trusted certificate chain.

 

In such cases, using of HTTP and basic clear text (FOR TESTING PURPOSES ONLY) could be helpful.

This can be done if following TransportCredentialOnly security mode is used as shown:

 

<security mode="TransportCredentialOnly">

 

 

Following two configuration files show how this security mode can be configured and the client and server:

 

Server configuration file

 

<?xml version="1.0" encoding="utf-8" ?>

<configuration>

 

  <appSettings>

    <!-- use appSetting to configure base address provided by host -->

    <add key="baseAddress" value="http://localhost:8000/servicemodelsamples/service" />

  </appSettings>

 

  <system.serviceModel>

    <bindings>

      <basicHttpBinding>

        <binding name="NewBinding">

          <security mode="TransportCredentialOnly">

            <transport clientCredentialType="Basic" />

          </security>

        </binding>

      </basicHttpBinding>

    </bindings>

    <services>

      <service name="Microsoft.ServiceModel.Samples.CalculatorService">

        <endpoint binding="basicHttpBinding" bindingConfiguration="NewBinding"

          name="MyService" contract="Microsoft.ServiceModel.Samples.ICalculator" />

      </service>

    </services>

 

 

 

  </system.serviceModel>

 

</configuration>

 

 

Client Configuration File

 

<?xml version="1.0" encoding="utf-8" ?>

<configuration>

  <system.serviceModel>

    <bindings>

      <basicHttpBinding>

        <binding name="NewBinding">

          <security mode="TransportCredentialOnly">

            <transport clientCredentialType="Basic" />

          </security>

        </binding>

      </basicHttpBinding>

    </bindings>

   

    <client>

      <endpoint binding="basicHttpBinding" bindingConfiguration="NewBinding"

           name="MyService" contract="Microsoft.ServiceModel.Samples.ICalculator"

           address="http://localhost:8000/servicemodelsamples/service"/>

    

    </client>

 

  </system.serviceModel>

 

</configuration>


Posted Jul 31 2006, 06:00 PM by Damir Dobric
Filed under:

Comments

Paul wrote re: Wcf TransportCredentialOnly mode: Basic clear text credentials over unsecured transport
on 04-27-2007 14:20

I can get this to work when the service is hosted in a console app but not when hosted by IIS in an ASP.NET application with forms authentication. I receive a forms logon redirect as a response.

Damir wrote re: Wcf TransportCredentialOnly mode: Basic clear text credentials over unsecured transport
on 04-30-2007 10:04

Hi Paul,

I’m not sure how the architecture of you app looks like, but it seems that you host the WCF service in the web application. I would recommend creating the new application pool and new site (or virtual directory) which will be used to host your service only.

There are many reasons (for example security) why you the service should be hosted separated of the web application.

Juliano wrote re: Wcf TransportCredentialOnly mode: Basic clear text credentials over unsecured transport
on 09-13-2009 8:59

Paul, I don't know if is this that is happining, but when you try acess a service in silverlight 3 using transportCredencialOnly, you will receive one pop-up (basic authentication), and I cannot find one way to this work, because the silverlight is in the asp.net web site(so it can't receive the authentication headers), so, I am trying to do inspectors to include credentials in one basic soap in the client, and in the server I intercept and create the context. Any other sugestion?

WCF Authentication NT Challenge response - Programmers Goodies wrote WCF Authentication NT Challenge response - Programmers Goodies
on 11-12-2011 14:14

Pingback from  WCF Authentication NT Challenge response - Programmers Goodies

WCF Authentication NT Challenge response - Programmers Goodies wrote WCF Authentication NT Challenge response - Programmers Goodies
on 11-12-2011 14:21

Pingback from  WCF Authentication NT Challenge response - Programmers Goodies

developers.de is a .Net Community Blog powered by daenet GmbH.