Similar to this question, I need the ability to require username + password w/out transport security. But in my situation the actual IIS server doesn't have SSL, but the proxy in front of it does. This is where WCF has an issue - because the box hosting it won't allow this type of security w/out SSL. So in short - do I need to write my own binding for this or did I miss some type of work around for this very situation?
views:
429answers:
1
+1
A:
Yea, WCF will require encrypted communication if you need to pass username/password.
I think the only way, is to create a certificate to use for safe communication(security at message level). You can easily do this with makecert, like this:
makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=localhostCA -sky exchange -pe
You may need to grant access to this certificate for the IIS user, using Windows HTTP Services Certificate Configuration Tool. Then, run the following command (given that ASPNET is the appropriate IIS user):
winhttpcertcfg -g -c LOCAL_MACHINE\My -s localhostCA -a ASPNET
Replace "localhostCA" with the name of your certificate.
baretta
2009-02-26 20:51:40