User Id :    Password :      New Member   Forgot Password  
WCF Application Security in ASP.NET
Description WCF Application Security   No. of Views     2853
  Rating     0
Author Gaurav   Posted On     14 Oct 2013
Tags WCF,WCF : General,ASP.NET 4.0    

Sample Code   Download Code

Windows authentication over the basicHttpBinding binding using the TransportCredentialsOnly security mode. The article shows you how to configure WCF, configure Internet Information Services (IIS) for Windows authentication, and test the service with a sample WCF client.

The TransportCredentialOnly security mode option passes the user credentials without encrypting or signing the messages. Use this mode with caution as it will not protect the credentials being transmitted and they will have to be protected by some other means

You will then configure the service to use basicHttpBinding with TransportCredentialOnly security through the use of the WCF Configuration Editor. You will enable Windows authentication in IIS to allow your users to authenticate to the service.

Create a Sample WCF Service

1.In Visual Studio, on the File menu, click New Web Site.
2.In the Templates section, select WCF Service. Make sure that the Location is set to Http, and specify http://localhost/WCFServiceBasicHttp as the Path. Click OK in the New Web Site dialog box to create a virtual directory and a sample WCF service.
3.Browse to your WCF service at http://localhost/WCFServiceBasicHttp/Service.svc.

You should see your WCF service respond with details of the service.

Configure the WCF Service to Use basicHttpBinding

In this step, you configure your WCF service endpoint to use basicHttpBinding.
1.Right-click the Web.config file of the WCF service and then click Edit WCF Configuration.
If you do not see the Edit WCF Configuration option, on the Tools menu, click WCF Service Configuration Editor. Close the WCF Service Configuration Editor tool that appears. The option should now appear on the web.config context menu.
2.In the Configuration Editor, in the Configuration section, expand Service and then expand Endpoints.
3.Select the first node [Empty Name]. Set the name attribute to BasicHttpEndpoint.
By default, the name will be empty because it is an optional attribute.
4.In the Service Endpoint section, set the binding attribute to basicHttpBinding by choosing this option from the drop-down list.
5.In the Configuration Editor, on the File menu, click Save.
6.In Visual Studio, verify your configuration settings in Web.config. The configuration should look as follows:

  <service behaviorConfiguration="ServiceBehavior" name="Service">
    <endpoint address="" binding="basicHttpBinding"
        <dns value="localhost" />
    <endpoint address="mex" binding="mexHttpBinding"
       contract="IMetadataExchange" />

Configure basicHttpBinding to use Windows Authentication with TransportCredentialOnly

By default, the basicHttpBinding security mode is None. This default setting means that you do not have authentication and that neither transport nor message security is enabled. By enabling Windows authentication with TransportCredentialOnly, you will get authentication, but no message protection; this is similar to how an ASMX Web service works.

1.In the Configuration Editor, in the Configuration section, select the Bindings folder.
2.In the Bindings section, choose New Binding Configuration.
3.In the Create a New Binding dialog box, select basicHttpBinding.
4.Click OK.
5.Set the Name of the binding configuration to some logical and recognizable name; for example, BasicHttpEndpointBinding.
6.Click the Security tab.
7.Set the Mode attribute to TransportCredentialOnly by choosing this option from the drop-down menu.
8.Set the TransportClientCredentialType to Windows by choosing this option from the drop-down list.
In this case, the Windows option represents Kerberos.

9.In the Configuration section, select BasicHttpEndpoint.
10.Set the BindingConfiguration attribute to BasicHttpEndpointBinding by choosing this option from the drop-down list.
This associates the binding configuration setting with the binding.

11.In the Configuration Editor, on the File menu, click Save.
12.In Visual Studio, verify your configuration, which should look as follows:

    <binding name="BasicHttpEndpointBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
  <service behaviorConfiguration="ServiceBehavior" name="Service">
    <endpoint address="" binding="basicHttpBinding"
      name="BasicHttpEndpoint" contract="IService">
        <dns value="localhost" />
    <endpoint address="mex" binding="mexHttpBinding"
        contract="IMetadataExchange" />

Enable Windows Authentication on IIS

In this step, you enable IIS for Windows authentication to match the authentication scheme used in your WCF service.
1.Open Internet Information Services (IIS) Manager by running the inetmgr command from the command line.
2.Browse to the WCF Service virtual directory created in Step 1.
3.Right-click the virtual directory and then click Properties.
4.In the Properties dialog box, click the Directory Security tab.
5.In the Authentication and access control section, click Edit.
6.In the Authentication Methods dialog box, clear the Enable anonymous access check box, and then select the Integrated Windows authentication check box.
7.In the Authentication Methods dialog box, click OK.
8.In the Properties dialog box, click Apply and then click OK.
9.Run the iisreset command from the command line.
10.Verify that your service is working correctly. In IIS Manager, browse to your service (Service.svc).

Create a Windows Forms Test Client Application

In this step, you create a Windows Forms application to test the WCF service.
1.Right-click your solution, click Add, and then click New Project.
2.In the Add New Project dialog box, in the Templates section, select Windows Application.
3.In the Name field, type Test Client and then click OK to create a Windows Forms application.
Step 6: Add a WCF Service Reference to the Client

In this step, you add a Web reference of the WCF service to your Client application. This How To article uses a Web reference to show the usage of a WCF service as a legacy Web service; otherwise, you can add it as a service reference.
1.Right-click your Client project and then click Add Service References.
2.Click Advanced and then click Add Web Reference under the Compatibility section.
3.In the Add Web References dialog box, set the URL to your WCF service: http://localhost/WCFServiceBasicHttp/Service.svc
4.Click Go.
5.In the Web reference name: field, change localhost to WCFTestService.
6.Click Add Reference.
A Web reference to WCFTestService should now appear in your Client project.

Step 7: Test the Client and WCF Service

In this step, you access the WCF service as a legacy ASMX Web service and make sure that it works.
1.In your Client project, drag a button control onto your form.
2.Double-click the button control to show the underlying code.
3.In the code behind the button click, create an instance of the proxy, pass the default user credentials, and call MyOperation1 of your WCF Service. The code should look as follows:  


private void button1_Click(object sender, EventArgs e)
      WCFTestService.Service myService = new 
      myService.Credentials = 
      MessageBox.Show(myService.GetData(123, true));

4.Right-click the Client project and then click Set as Startup Project.
5.Run the Client application by pressing F5 or CTRL+F5. When you click the button on the form, the message “You entered: 123” should appear.

SSL certificate in IIS

Obtain a Certificate
Select the server node in the treeview and double-click the Server Certificates feature in the listview:


Click Create Self-Signed Certificate... in the Actions pane.


Enter a friendly name for the new certificate and click OK.

Now you have a self-signed certificate. The certificate is marked for "Server Authentication" use; that is, it uses as a server-side certificate for HTTP SSL encryption and for authenticating the identity of the server.

Create an SSL Binding

Select a site in the tree view and click Bindings... in the Actions pane. This brings up the bindings editor that lets you create, edit, and delete bindings for your Web site. Click Add... to add your new SSL binding to the site.


The default settings for a new binding are set to HTTP on port 80. Select https in the Type drop-down list. Select the self-signed certificate you created in the previous section from the SSL Certificate drop-down list and then click OK.

Now you have a new SSL binding on your site and all that remains is to verify that it works.

Verify the SSL Binding

In the Actions pane, under Browse Web Site, click the link associated with the binding you just created.

Internet Explorer (IE) 7 and above will display an error page because the self-signed certificate was issued by your computer, not by a trusted Certificate Authority (CA). IE 7 and above will trust the certificate if you add it to the list of Trusted Root Certification Authorities in the certificates store it on the local computer, or in Group Policy for the domain.

Click Continue to this website (not recommended).

Configure SSL Settings

Configure SSL settings if you want your site to require SSL, or to interact in a specific way with client certificates. Click the site node in the tree view to go back to the site's home page. Double-click the SSL Settings feature in the middle pane.




About Author

About Author I am as simple as c#. Gaurav
No Photo
Country India
Company N/A
Home Page N/A

Rate this article

Rating options from poor, fair, good, very good to excelent.  


Write your comment here.
Verification Code