views:

119

answers:

0

Hi, I'm working on a windows forms client server app. It uses client application services with a login form that implements IClientFormsAuthenticationCredentialsProvider and this is called using membership.validateuser(nothing, nothing) to authenticate user. What I want to confirm either way is if this method encrypts the credentials passed in any way or are they simply passed in plain text. The app is using message level security on the services so there's no SSL encryption. The endpoint is displayed below.

<endpoint address=""
      binding="wsHttpBinding"
      bindingConfiguration="wsHttpBindingMessageNone"
      contract="System.Web.ApplicationServices.AuthenticationService"
      bindingNamespace="http://asp.net/ApplicationServices/v200"
      listenUriMode="Explicit" />