HowTo: disable WCF security

H

herbert

Question 1: How do I turn off WCF security to get my apps out the door quickly?
Question 2: Where can I find a step by step article/flowchart how to
configure WCF security (the WCF books miss this point)?

Background:
I have a WCF client / WCF host pair running fine on the same machine.
Metadata is offered both via basicHttp and netTcp.
Services are offered via netTcp.

When distributing the WCF client on the intranet, everybody (my fellow
programmers) can access the Metadata and "Add Service Reference" to their
client apps. However nobody can then access the services.
The error message/exception on the client is something like "host rejected"
without further info.

The WCF host runs under administrator, firewall etc. disabled.

WinXP on all computers.

Since the WCF host does not provide anything secret I'd like to turn off all
security checks on the WCF host altogether.

And the security chapters in the five+ WCF books in front of me give me lots
of lectures on security principles however no step by step guidance about how
to implement it.

thank you very much. herbert
 
S

sloan

You can config do it via binding information:

Some examples:

Of course the key is "security mode"...This should be enough to google on at
least.



<bindings>

<netMsmqBinding>

<binding name ="NoMSMQSecurity" >

<security mode = "None">

</security>

</binding>

</netMsmqBinding>



<wsHttpBinding>

<binding name="WSHttpBindingName1" maxReceivedMessageSize="1000000" >

<security mode="None">

<transport clientCredentialType="None" />

<message establishSecurityContext="false" />

</security>

</binding>

</wsHttpBinding>





</bindings>



Here is one: I'm not sure what Transport is offhand. I could probably put
"none" in here as well.


<netNamedPipeBinding>

<binding name="NamedPipeBindingName1"

hostNameComparisonMode="StrongWildcard"

maxBufferSize="1000000"

maxConnections="255"

maxReceivedMessageSize="1000000"

receiveTimeout="00:59:00"

transactionFlow="false">

<security mode="Transport">

</security>

</binding>

</netNamedPipeBinding>



Then your end point needs to associate the binding:

example:


<endpoint name="WSHttpEndPoint"

address = "http://localhost:8001/ZebraControllerFascade"

binding = "wsHttpBinding" bindingConfiguration="WSHttpBindingName1"

contract =
"MeasInc.Applications.ScoringCenter.Interfaces.Zebra.Controllers.IZebraController"


</endpoint >
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

HowTo programmatically define roles and users ... 1
Signing a custom soap header (WS-Security) with WCF 3
WCF Windows Authentication - How to? 4
hello 2
WCF / wsHttpBinding / Digital Signature Corruption (!!) 0
WCF - Faults 1
WCF Security Issue 1
WCF Window Authentication - How To? 1

Top