The examples everywhere show how to do Kerberos Token Profile 1.1 via WCF, however it uses Message security. In fact, the WCF implementation defaults to sign+encrypt. I have a requirement of using SSL, and instead using KTP for authentication and signing, and NOT encrypting.

If I change the mode to TransportWithMessageCredential, it no longer signs the request. Anyone know if this is possible, and ideally have any config? Thanks

A: 

Ugg. Leave it to me to over-complicate things! I tried a bajillion combinations of settings, and eventually started whittling down to something simple.

First, here is the customBinding equivalent of wsHttpBinding, out of the box:

http://webservices20.blogspot.com/2009/04/wcf-custombinding-equivalent-to.html

From there, I started building up, and the config below ultimately did it. I have the ServiceContract attribute specify to sign-only. Then in config, the "Kerberos" mode takes care of Kerberos Token Profile, and the httpsTransport takes care of SSL! That did it! Maybe this might help someone else in the future:

<customBinding>
    <binding name="KerberosTokenProfileSignAndSslBinding">
        <!-- Kerberos Token Profile at the message layer -->
        <security authenticationMode="Kerberos" />
        <!-- SSL at the transport layer -->
        <httpsTransport />
    </binding>
</customBinding>

EDIT: I ended up writing a blog post about the details, in case anyone reading this needs them - http://robertseder.spaces.live.com/blog/cns!587F478B9240C01E!773.entry

Robert Seder
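
The answer mentions setting the ServiceContract attribute to sign-only but does not show it. The sketch below is an added example, not code from the original post: it pairs a contract marked `ProtectionLevel.Sign` with a code-built equivalent of the customBinding above. The names `IEchoService`, `Echo` and `SignOnlyKerberosBinding` are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;

// Hypothetical contract. ProtectionLevel.Sign asks WCF to sign the message
// parts without encrypting them (the WCF default is EncryptAndSign).
[ServiceContract(ProtectionLevel = ProtectionLevel.Sign)]
public interface IEchoService
{
    [OperationContract]
    string Echo(string text);
}

public static class SignOnlyKerberosBinding
{
    // Code equivalent of the config in the answer:
    // <security authenticationMode="Kerberos" /> followed by <httpsTransport />
    public static CustomBinding Create()
    {
        SecurityBindingElement security =
            SecurityBindingElement.CreateKerberosBindingElement();
        return new CustomBinding(security, new HttpsTransportBindingElement());
    }

    // Fail fast if the contract was not explicitly set to sign-only,
    // e.g. after someone removes the attribute setting during a refactor.
    public static void AssertSignOnly(Type contractType)
    {
        ContractDescription contract = ContractDescription.GetContract(contractType);
        if (!contract.HasProtectionLevel ||
            contract.ProtectionLevel != ProtectionLevel.Sign)
        {
            throw new InvalidOperationException(
                contractType.Name + " is not marked ProtectionLevel.Sign");
        }
    }

    public static void Main()
    {
        AssertSignOnly(typeof(IEchoService));
        CustomBinding binding = Create();
        Console.WriteLine("Scheme: " + binding.Scheme);
        foreach (BindingElement element in binding.Elements)
            Console.WriteLine(element.GetType().Name);
    }
}
```

A `ProtectionLevel` set on an individual `[OperationContract]` or message contract overrides the contract-level value, so check those as well when confirming that nothing is encrypted at the message layer.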