wsHttpBinding message-level security without using certificates?

Question

Is it possible to avoid having to use certificates with wsHttpBinding when using message-level security ?

or is there any other method to encrypt communications between client and server without having to go through the hassle of configuring certificates.

Answer 1

If both client and server are in the same windows domain then yes (using windows security) else no. If you want to avoid using certificates you must build your own solution but once you fully understand how encryption and signing is provided and what is transfered in certificates you will find out that you are trying reinvent a wheel.