Transport Security with an Anonymous Client
This Windows Communication Foundation (WCF) scenario uses transport security (HTTPS) to ensure confidentiality and integrity. The server must be authenticated with a Secure Sockets Layer (SSL) certificate, and the clients must trust the server's certificate. The client is not authenticated by any mechanism and is, therefore, anonymous.
For a sample application, see WS Transport Security. For more information about transport security, see Transport Security Overview.
For more information about using a certificate with a service, see Working with Certificates and How to: Configure a Port with an SSL Certificate.
| Characteristic | Description |
|---|---|
|
Security Mode |
Transport |
|
Interoperability |
With existing Web services and clients |
|
Authentication (Server) Authentication (Client) |
Yes Application level (no WCF support) |
|
Integrity |
Yes |
|
Confidentiality |
Yes |
|
Transport |
HTTPS |
|
Binding |
Service
The following code and configuration are meant to run independently. Do one of the following:
-
Create a stand-alone service using the code with no configuration.
-
Create a service using the supplied configuration, but do not define any endpoints.
Code
The following code shows how to create an endpoint using transport security:
// Create the binding. WSHttpBinding binding = new WSHttpBinding(); binding.Security.Mode = SecurityMode.Transport; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; // Create the URI for the endpoint. Uri httpUri = new Uri("https://localhost/Calculator"); // Create the service host and add an endpoint. ServiceHost myServiceHost = new ServiceHost(typeof(ServiceModel.Calculator), httpUri); myServiceHost.AddServiceEndpoint( typeof(ServiceModel.ICalculator), binding, ""); // Open the service host. myServiceHost.Open(); Console.WriteLine("Press Enter to exit...."); Console.ReadLine(); // Close the service. myServiceHost.Close();
Configuration
The following code sets up the same endpoint using configuration. The client is not authenticated by any mechanism, and is therefore anonymous.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<services>
<service name="ServiceModel.Calculator">
<endpoint address="http://localhost/Calculator"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_ICalculator"
name="SecuredByTransportEndpoint"
contract="ServiceModel.ICalculator" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ICalculator">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client />
</system.serviceModel>
</configuration>
Client
The following code and configuration are meant to run independently. Do one of the following:
-
Create a stand-alone client using the code (and client code).
-
Create a client that does not define any endpoint addresses. Instead, use the client constructor that takes the configuration name as an argument. For example:
Code
// Create the binding. WSHttpBinding myBinding = new WSHttpBinding(); myBinding.Security.Mode = SecurityMode.Transport; myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; // Create the endpoint address. Note that the machine name // must match the subject or DNS field of the X.509 certificate // used to authenticate the service. EndpointAddress ea = new EndpointAddress("https://machineName/Calculator"); // Create the client. The code for the calculator // client is not shown here. See the sample applications // for examples of the calculator code. CalculatorClient cc = new CalculatorClient(myBinding, ea); // Begin using the client. try { cc.Open(); Console.WriteLine(cc.Add(100, 1111)); // Close the client. cc.Close(); }
Configuration
The following configuration can be used instead of the code to set up the service.
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ICalculator" >
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://machineName/Calculator"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_ICalculator"
contract="ICalculator"
name="WSHttpBinding_ICalculator" />
</client>
</system.serviceModel>
</configuration>
See Also
Tasks
WS Transport SecurityConcepts
Security OverviewTransport Security Overview
Other Resources
Security Model for Windows Server App Fabric
Build Date:
