WCF wsHttpBinding securiy without SSL and certificate
I want a secure WCF
service which would be used over internet. There are few light methods, so performance is not an issue (message size). I prefer port 80 (web) for firewall issues so TCP
binding is not preferred. Also SSL
is not an option in my case.
As I researched wsHttpBinding
with MessageLevel
security is the best choice for my scenario. I configured the service and client can successfully receive data. When I inspect the service with WcfTestClient.exe
and invoke the service, I can see SOAP m开发者_如何学Cessage XML in this tool. My request and response are in plain text without any encryption.
There are some examples of using certificates at service side, and username password at client side. I want username/password based security at both sides but cannot find the example on the web.
Is it possible ? (If yes, please provide a link)
Thanks
It is not possible. If you want message level security (encryption, signing, authentication) over Internet you must use user name and password for clients (provides client authentication) and certificate for service (service authentication to client and exchange of key for encryption and signing).
精彩评论