I’ve been reading a lot about WCF authentication using username and password. I can’t get my head around when to use an X.509 certificate.
Could anyone please point me in the right direction on which scenarios I should use X.509 in when using username and password?
- Always
- Depends (On what scenario?)
Thanks.
Generally always.
An X.509 certificate ensures that the channel is secured, i.e. only your service can read the incoming user name and password (until the certificate is stolen).
In the case of WCF you need to configure a certificate for message security, because the certificate for transport security (HTTPS) is configured outside of WCF at the operating system level (either through netsh.exe or IIS).
If you don’t use a certificate you will not have a secured channel, and your user name and password will travel over the network as plain text – anybody who gets your transmitted packets will be able to use the stolen user name and password.
WCF by default doesn’t allow sending a user name and password over an unsecured channel – you must create a custom binding for that.
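The two secured setups the answer describes, as an added configuration sketch that is not part of the original answer. The service, contract, binding and behavior names and the certificate subject are placeholders; the elements and attributes are standard `system.serviceModel` configuration.

```xml
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <!-- Message security: the user name token is encrypted for the service
           certificate, which WCF itself has to be told about (see behavior). -->
      <binding name="userNameMessage">
        <security mode="Message">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
      <!-- Transport security with a message credential: HTTPS protects the
           channel. The HTTPS certificate is bound outside WCF (netsh.exe or
           IIS), so no serviceCertificate element is needed for this one. -->
      <binding name="userNameOverHttps">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="withServiceCertificate">
        <serviceCredentials>
          <!-- Placeholder subject; the private key must be readable by the
               account that hosts the service. -->
          <serviceCertificate findValue="service.example.test"
                              x509FindType="FindBySubjectName"
                              storeLocation="LocalMachine"
                              storeName="My" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service name="Example.OrderService"
             behaviorConfiguration="withServiceCertificate">
      <!-- Relative addresses: the second endpoint needs an https base address. -->
      <endpoint address="message" binding="wsHttpBinding"
                bindingConfiguration="userNameMessage"
                contract="Example.IOrderService" />
      <endpoint address="transport" binding="wsHttpBinding"
                bindingConfiguration="userNameOverHttps"
                contract="Example.IOrderService" />
    </service>
  </services>
</system.serviceModel>
```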