Home/ Questions/Q 7053051
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T03:27:28+00:00

I have been tasked with securing a web service that uses WCF and offers

  • 0

I have been tasked with securing a web service that uses WCF and offers web services for both Silverlight, WP7 and Android devices.

So I believe I should activate SSL and also add a form of authentication/authorization to the web service.

Now I am aware that I can turn on Windows Authentication on my web.config and in IIS that will automagically use the log in for the PC for the authentication. But I don’t know if this is the right solution to use when I am using devices outside of the intranet and specifically Android devices. I don’t want to set up to use this method of Authentication for the Android developers on our team to not be able to progress. So is this easy enough to do in Android?

When I do add the security, I found it was easy to add to a basicHttpBinding with <transport clientCredentialType="Windows" but that this doesn’t work within a customBinding. Is there something different with those?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I am doing something extremely similar with my applications. For the android side, we send the device a MobileUserId – in our case, a Guid, which uniquely identifies the user. This is saved only for the session. From there, each call to the service also requires this Guid to be valid.

    For the security, your web.config should have these:

    <service name="Service.System" behaviorConfiguration="ServiceBehaviour">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="TransportSecurity" contract="Service.ISystem" behaviorConfiguration="web"></endpoint>
</service>

<bindings>
<webHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>

    Even if you choose not to use something like a Guid, or UUID in java, you will still need some way to pass a username / password combination from the android device – it will not work with windows authentication.

    You should also probably look into REST or SOAP. I have found REST to be much easier to use, so I have preference towards it.

    • 0