OK, so here goes my situation.
I am writing a multi site software which allows me to monitor process, memory, services etc on a Windows Server.
Each “site” will be a host as far as WCF is concerned. There may or may not be a central distribution node, this will also be a host, but there will be an interface which reads data – this would connect to each “site” or the distribution node.
Right, so I want to secure this communication, encrypted. I don’t wish to use any SSL certs, considering not every site/client will have SSL certs.
Can I do this? Using Message Security maybe? Only I haven’t read a way to do this. I don’t know if “Windows authentication” will suit this? Would it? A simple username and/or password solution would do. Much the same in the way the WebsitePanel team have used WSE to do it.
Thanks for your help.
EDIT:
So I need to be more clear on this.
I do not wish to use SSL/certificates in any way. Take it that I have no control over it. I could, if I really had to, encrypt each send of information in code manually, using AES etc, before it is sent, like PGP in emails, but I figured this is what Message Security is.
Such a simple task it is surprising to me that Microsoft and professionals never thought to implement it. All data is sent pre-encrypted and unless you have the corresponding encryption key you can't read the data. Yes, I realise this is essentially the same as SSL etc.
Encryption needs a certificate to be really secure. WSE allowed user name and password, but for message encryption it still required a certificate – WCF does it in the same way.
You can build encryption layer without certificate but
Windows authentication either again requires secured transport (basic HTTP authentication) = HTTPS or both client and server must be in the same Windows domain (if you communicate with your clients over the internet, that would require a VPN).
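
The two WCF message-security options the answer contrasts, as an added service configuration sketch that is not part of the original question or answer. The service and contract names (`Monitoring.SiteService`, `Monitoring.ISiteService`), the endpoint addresses and the certificate subject are hypothetical placeholders.

```xml
<!-- Added example. Monitoring.SiteService / Monitoring.ISiteService and the
     certificate subject are placeholders, not values from the page. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!-- Message security with Windows credentials: messages are signed and
             encrypted without any certificate, but client and service must be
             able to authenticate in the same Windows domain. -->
        <binding name="messageWindows">
          <security mode="Message">
            <message clientCredentialType="Windows" />
          </security>
        </binding>
        <!-- Message security with user name and password: the credentials
             travel inside the message, which is protected with the service's
             X.509 certificate, so the serviceCertificate below is required. -->
        <binding name="messageUserName">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="userNameBehavior">
          <serviceCredentials>
            <!-- Placeholder lookup; without a service certificate the
                 UserName endpoint cannot be opened. -->
            <serviceCertificate findValue="PLACEHOLDER-SUBJECT-NAME"
                                storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="Monitoring.SiteService" behaviorConfiguration="userNameBehavior">
        <endpoint address="windows" binding="wsHttpBinding"
                  bindingConfiguration="messageWindows"
                  contract="Monitoring.ISiteService" />
        <endpoint address="username" binding="wsHttpBinding"
                  bindingConfiguration="messageUserName"
                  contract="Monitoring.ISiteService" />
      </service>
    </services>
  </system.serviceModel>
</configuration>
```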