Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a WCF 3.5 service and it runs great. It is using basicHttpBinding and IIS 7 hosted. I’d like to add some minimal security to it, maybe a username and a password. Can someone give me some really basic instructions? What do I need to add to my web.config file?
The WCF Security Guidance is a really good place to start – with lots of scenarios, samples, explanations and more.
For basic username/password authentication over basicHttpBinding, you need to have several pieces in place:
actually set the username/password on the client before each call (only in code)
define how to validate the username/password coming in on the server side – your options are validating against Active Directory (e.g. all your callers need to have an AD account with you in your domain), validate against the ASP.NET membership database, or roll your own
This how-to “How To – Use Username Authentication with the SQL Server Membership Provider and Message Security in WCF from Windows Forms” basically does what you’re looking for – the concrete example is for wsHttp, but it should work for basicHttpBinding as well