
I know that there are questions and articles about WCF deployment, but I can't find one that actually solves my issue.

So I have a WCF service that is going to be used over TCP. If I set the security to transport, then I am obligated to use certificate or Windows for the user credentials. I don't want to use a certificate, but I can't be sure that the service will always be hosted in a Windows domain. So it leaves me with certificate security. I know that I can create a certificate with makecert, but what must I do when I want to deploy the service onto a server? Do I only need a certificate for the service, or does the client that connects also need one?

Also, if I use message security, I need to have a certificate for the service.

EDIT: In intranet scenarios, is it OK to use self-signed certificates?

Alex Maie

1 Answer


I didn't know myself, was just looking here:

WCF easiest security mode to implement

One of the best comments, I think, in regard to just checking user/pass on both sides of the wire:

Such a solution will not be secure. You are talking about symmetric encryption where all clients and the server have to share the same key. Once any client gets compromised (and the key is stolen or shared with anybody else) the security is gone. User name and password have nothing to do with encryption. – Ladislav Mrnka

You may be able to do it, but it might overlook the bigger question: why choose this route in the first place?

Here's some code for plaintext passwords if you really want to go down that route....

http://webservices20.blogspot.com/2008/11/how-to-use-clear-usernamepassword-with.html

Killnine
  • Well, the idea is that I want to have the connection secured and encrypted, hence transport or message security. I would go with using Windows authentication, but that seems just an inflexible solution, since I don't know on which kind of networks the service will be deployed (with active domain or simple network). – Alex Maie Mar 19 '12 at 19:45
  • Well, you'll have to make some sort of decision on what you want to support, but by creating multiple endpoints, perhaps you can provide some options for clients. – Killnine Mar 19 '12 at 20:08
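
Added example, not part of the original thread: one way to set up the multiple endpoints suggested in the last comment, with a Windows-credential endpoint for domain deployments and a certificate endpoint for non-domain networks, both over net.tcp with transport security. The contract `IEcho`, the address and port, and the subject name `echo.example.internal` are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IEcho { [OperationContract] string Echo(string text); }   // hypothetical contract

public class EchoService : IEcho { public string Echo(string text) => text; }

public static class Program
{
    public static void Main()
    {
        // Endpoint A (domain networks): Windows credentials, no certificate involved.
        var windowsBinding = new NetTcpBinding(SecurityMode.Transport);
        windowsBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;

        // Endpoint B (non-domain networks): TLS over TCP. The service always needs a
        // certificate here. With Certificate the client must present one too; with
        // TcpClientCredentialType.None only the service has one and the client is anonymous.
        var certBinding = new NetTcpBinding(SecurityMode.Transport);
        certBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;

        using (var host = new ServiceHost(typeof(EchoService), new Uri("net.tcp://localhost:9000/")))
        {
            host.AddServiceEndpoint(typeof(IEcho), windowsBinding, "windows");
            host.AddServiceEndpoint(typeof(IEcho), certBinding, "cert");

            // Service certificate from LocalMachine\My; the subject name is a placeholder.
            // Its private key must be readable by the account running the host.
            host.Credentials.ServiceCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "echo.example.internal");

            // ChainTrust: client certificates must chain to a root this server trusts.
            // A self-signed certificate passes only if it is installed as a trusted root.
            host.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.ChainTrust;

            host.Open();
            Console.WriteLine("Listening on net.tcp://localhost:9000/windows and /cert");
            Console.ReadLine();
        }
    }
}
```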