The idea here is that for my testing, before I commit to purchasing the SSL certificate, I want to enable the WCF service in non-ssl mode. I've done it in the past using this code, but for the life of me, cannot figure out how to translate it into the web.config file.

If someone can put me in the right direction on how you would go about this translation, that would be much appreciated.

    Binding basicBinding = null;
    if (RegistryConnectionStringFactory.UseSslForCommunications)
    {
        // SSL path: HTTPS transport, username/password carried in the message
        basicBinding = new BasicHttpBinding();
        (basicBinding as BasicHttpBinding).Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
        (basicBinding as BasicHttpBinding).Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;

        creds.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.MembershipProvider;
        creds.UserNameAuthentication.MembershipProvider = Membership.Provider;
    }
    else
    {
        // Non-SSL path: HTTP Basic authentication over plain HTTP
        // (credentials are only base64-encoded, not encrypted)
        HttpTransportBindingElement transport = new HttpTransportBindingElement()
        {
            AuthenticationScheme = System.Net.AuthenticationSchemes.Basic
        };
        basicBinding = new CustomBinding(transport);

        svcHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new AspNetUsernamePasswordValidator();
        svcHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
    }

A: 

I was looking at something similar today as well but my knowledge isn't 100% complete.

For the binding you will need to do something like this:

    <bindings>
      <customBinding>
        <binding name="CustomBinding">
          <httpTransport authenticationScheme="Basic" />
        </binding>
      </customBinding>
    </bindings>

Then you need to create a serviceBehaviour for the custom validation:

    <behavior name="serviceBehavior">
      <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="CustomRolesProvider" />
      <serviceCredentials>
        <userNameAuthentication customUserNamePasswordValidatorType="AspNetUsernamePasswordValidator [Fully qualified name]" userNamePasswordValidationMode="Custom" />
      </serviceCredentials>
    </behavior>

Obviously not tested, but a similar config just worked for me and it may get you started...

KJN
When I did this it seemed to have broken my login abilities to the site.
Richard B
A: 

Because your post suggests that you want to do this to avoid purchasing an SSL certificate before your testing is complete, I wanted to ask: To save yourself some time, could you just create your own self-signed certificate using makecert?

If so, these notes might be of some help.

To create root certificate key files...

    makecert -r -pe -n "CN=My Own Authority,O=My Company,C=US" -ss CA -sr CurrentUser -a sha1 -sky signature -sv mycert.pvk mycert.cer

To create a .PFX file...

    makecert -pe -n "CN=localhost" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic mycert.cer -iv mycert.pvk -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv localhost.pvk localhost.cer

    pvk2pfx -pvk localhost.pvk -spc localhost.cer -pfx localhost.pfx

Then, using the Certificates snap-in, import the mycert.cer file into the Trusted Root Certification Authorities on the local computer to tell those apps running on the local machine that any certificate signed by your own authority is trustworthy.

Next, you import the localhost.pfx file into the Personal store on the local computer. (Doing this makes the certificate available to IIS so that it may declare itself, by your own authority, to be the server named "localhost".)

There's a detailed description of how to import the .PFX file into IIS 7 here: http://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm

Pat Daburu
I did some further research and found out that companies like Verisign allow you to download test SSL certificates. http://www.verisign.com/ssl/buy-ssl-certificates/free-ssl-certificate-trial/ I did think about that, but wanted to avoid the headache. I think doing something like this however may be the best bet.
Richard B
P.S. I'm accepting your answer, partially because it's close to what I'm going to do, and partially so the rest of the community stops beating me up for not accepting answers to questions that don't have a right or wrong answer.
Richard B
I'm a little too new here to have yet fully appreciated the importance of having an answer accepted, but I thank you. In any case, I wish you luck in getting the result you're looking for.
Pat Daburu
+1  A: 

What is wrong with a configuration-based approach for BasicHttpBinding? You simply use TransportWithMessageCredential and UserName credentials for communication over HTTPS or TransportCredentialOnly and Basic credentials for communication over HTTP.

Ladislav Mrnka
Seemed as if when I went that route, it broke forms based authentication for the application itself.
Richard B
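
The two `basicHttpBinding` setups named in the last answer, written out as a web.config fragment. This is an added example, not code from the original posts; the binding names and the service and contract names (`MyCompany.Services.RegistryService`, `MyCompany.Services.IRegistryService`) are hypothetical placeholders.

```xml
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- Production: HTTPS protects the channel, and the user name and
           password travel as a message credential. Requires an https://
           endpoint address and a server certificate. -->
      <binding name="httpsUserName">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>

      <!-- Test only: plain HTTP with the HTTP Basic scheme. The
           Authorization header is base64-encoded, not encrypted, so
           anyone on the network path can read the credentials. -->
      <binding name="httpTest">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Basic" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>

  <services>
    <!-- Hypothetical service and contract names -->
    <service name="MyCompany.Services.RegistryService">
      <!-- Change bindingConfiguration to "httpsUserName" once the
           certificate is installed and the site has an HTTPS binding -->
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="httpTest"
                contract="MyCompany.Services.IRegistryService" />
    </service>
  </services>
</system.serviceModel>
```

Moving from test to production is then a one-attribute change on the endpoint, which keeps the unencrypted binding easy to find and remove in a config review.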