Home/ Questions/Q 7676265
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T17:09:39+00:00

I know that their are questions and articles about WCF deployment, but i don’t

  • 0

I know that their are questions and articles about WCF deployment, but i don’t find one that actually solves my issue.

So i have a WCF service that is going to be used over tcp. If i set the security to transport, then i am obligated to use for usercredentials certificate or Windows. I don’t want to use a certificate but i can’t be sure that the service will always be hosted in a windows domain. So it leaves me with certificate security. I know that i can create a certificate with makecert, but what must i do when i want to deploy the service onto a server? Do i only need a certificate for the service or also the client that connects needs one?

Also if use message security, i need to have a certificate for the service.

EDIT,
In intranet scenarios, is it ok to use self signed certificates?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I didn’t know myself, was just looking here:

    WCF easiest security mode to implement

    one of the best comments I think, in regards do just checking user/pass on both sides of the wire:

    Such solution will not be secure. You talking about symmetric encryption where all clients and server has to share same key. Once any client get compromissed (and key is stolen or shared with anybody else) the security is gone. User name and password has nothing to do with encryption. – Ladislav Mrnka

    You may be able to do it, but it might overlook the bigger question: why choose this route in the first place?

    Here’s some code for plaintext passwords if you really want to go down that route….

    http://webservices20.blogspot.com/2008/11/how-to-use-clear-usernamepassword-with.html

    • 0