Is there some sort of "built-in" authentication in WCF? I need to expose a web service to our clients so they can check status of their transactions.
My initial thought was they would just use their normal Username and Password passed in as method properties. It would be over SSL, of course, but is this method of authentication not secure?
Does WCF have some better way of allowing authentication with the request other than passing through method parameters?
To make authentication of WCF service more secure use server certificate for authentication. If certificate is available include it in WCF server otherwise we can also create self-signed certificate from IIS.
By default, anyone on the same Windows domain can access WCF services. Because those users have logged on to the network, they are trusted. The messages between a service and a client are encrypted for confidentiality and signed for integrity.
check these pages:
Pedram Razei's Ramblings
Microsoft Howto
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With