Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is there a way to pass user credentials over a WCF service without using secure communication?
(they are not transmitted when using insecure communication)
I want to avoid doing it manually, because it would affect every service method…
Background: this is for a system which runs in a closed environment, but requires role-based decisions
WCF by design prohibits use of clear-text username/password.
You may use Message Security with X509 certificates for encryption or use a Secured transport (e.g. HTTPS) to pass credentials. Performance of Transport security is better so that is what I would recommend.
This was possible under WSE (although advised against) but not in WCF.