Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Similar to this question, I need the ability to require username + password without transport security. But in my situation the actual IIS server doesn’t have SSL, but the proxy in front of it does.
This is where WCF has an issue – because the box hosting it won’t allow this type of security without SSL. So in short – do I need to write my own binding for this or did I miss some type of workaround for this very situation?
Yes, WCF will require encrypted communication if you need to pass a username/password.
I think the only way is to create a certificate to use for safe communication (security at message level). You can easily do this with makecert, like this:
You may need to grant access to this certificate for the IIS user, using the Windows HTTP Services Certificate Configuration Tool. Then, run the following command (given that ‘ASPNET’ is the appropriate IIS user):
Replace ‘localhostCA’ with the name of your certificate.