Introduction and Goal In the article we will try to apply DUAL security using transport plus On a broader basis WCF supports two kinds of security, transport level and The best security is the combination of transport and message. In this The first step is to customize your ‘Wshttp’ binding with proper security The second thing we need to provide is the credential type. There are five
6 steps to implement DUAL security on WCF using User name + SSL
Basics Transport and
Message level security
Step 1:- Customize ‘WsHttp’ Bindings with security mode and credential type
Step 2:- Create your
custom validator class
Step 3:- Define runtime behavior
Step 4:- Define SSL for your
Step 5 :- Consume WCF Service
Step 6: Run your WCF service
message on WCF services. So we will first try to understand the basic concepts
of WCF security i.e. transport and message. Once we understand the concept we
will move step by step in to how to implement SSL and user name security on WCF
Watch my 500 videos on various topics like design patterns,WCF, WWF , WPF, LINQ
,Silverlight,UML, Sharepoint ,Azure,VSTS and lot more @ here
Enjoy my free ebook which covers major .NET related topics like
WCF,WPF,WWF,Ajax,Core .NET,SQL Server, Architecture and lot more Download from
message level security. Transport means the medium on which WCF data travels
while message means the actual data packets sent by WCF.
Transport medium can be protocols like TCP, HTTP, MSMQ etc. These transport
mediums by themself provide security features like HTTP can have SSL security
(HTTPS). WCF has the capability of leveraging underlying transport security
features on WCF service calls.
Message level security is provided in the data itself using WS-Security. In
other words it’s independent of the transport protocol. Some examples of message
level security are messages encrypted using encryption algorithm, messages
encrypted using X509 certificate etc, messages protected using username etc.
WCF gives you an option to either just use message level security in stand
alone, transport level in stand alone or combination of both. If you are
interested in how to do message level security and transport security in a
standalone manner .
article we will see step by step how to implement dual security using ‘SSL’ plus
message security using ‘Username’ using ‘WsHttpBinding’.
mode and credential type. There are three options in security mode ‘Transport’,
‘Message’ and ‘TransportWithMessageCredential’.
As we are implementing dual security we need to use the last one i.e.
‘TransportWithMessageCredential’ where the transport security is provided by SSL
and message security is provided using ‘UserName and password’.
different credential type none, windows, username, certificate and issued token.
Credential type defines how the credentials will be passed over the transport
layer. For the current instance we will select ‘UserName’.
So summing up we will provide security mode as ‘TransportWithMessageCredential’
and message security will be provided by ‘UserName’.
So create a WCF service using the WCF service template and in ‘web.config’
provide the security mode and credential type as shown in the below code
<!-- UsernameToken over Transport Security -->
<security mode="TransportWithMessageCredential" >
Introduction and Goal
In the article we will try to apply DUAL security using transport plus
On a broader basis WCF supports two kinds of security, transport level and
The best security is the combination of transport and message. In this
The first step is to customize your ‘Wshttp’ binding with proper security
The second thing we need to provide is the credential type. There are five