WCF: How to use AllowInsecureTransport

Question

Within the context of .NET 4 WCF, I am attempting to use the new AllowInsecureTransport attribute so that I can use my custom authentication without using SSL (in our development environment only - we are using SSL in production).

My bindings config looks like:

<bindings>
  <wsHttpBinding>
    <binding name="CustomAuthentication">
      <security mode="TransportWithMessageCredential" allowInsecureTransport="true">
        <transport clientCredentialType="None" />
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

However, I am getting a Unrecognized attribute 'allowInsecureTransport' error. This attribute was described in this thread, and has help on msdn.

Can someone help me with my rather inept knowledge of WCF config options and point me in the right direction?

I'd prefer not to use the ClearUsernameBinding as described here, but will if there is no other inbuilt option.

Answer 1

I do believe that element is only usable through a custom binding... if you see the docs, it's part of the SecurityBindingElement, not part of a standard binding like wsHttpBinding. The thread you pointed to does have an example of a configuration using a custom binding to enable it.