Using custom WCF username/password (UserNamePasswordValidator) authentication with Java
https://stackoverflow.com/questions/10887366
-
12-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've found a good example about authenticating WCF services with custom username/password (A simple WCF service with username password authentication: the things they don’t tell you). This fits what I need... partially, I guess. It uses wsHttpBinding and Message as the security mode.
The WCF service I need to build will have Java clients, and my question is if the example from the link above works with Java ("interops" well). Or should I go with basicHttpBinding, securing the connection at transport level (https)?
Thanks
Solution
WCF implements lots of Web Service protocols: http://msdn.microsoft.com/en-us/library/ms730294
Although complicated solution is not necessary the best one. Go ahead with basicHttpBinding and Transport security if it fits all other requirements you have.
There is good all-in-one article that describes configuration:
http://www.remondo.net/using-ssl-transport-security-wcf-basichttpbinding/
OTHER TIPS
transport security will almost always be better for interoperability. Having said that username security is also pretty safe, especially if it is under ssl and not use message level certificates. Even if there are certificates it is possible to interop with the axis2 or wsit java frameworks. it may be challenging though, so if you will have many arbitrary clients and want them to interop with your service without any special guidance you may want to avoid it.
BTW basicHttp and wsHttp are both capable to do either message or transport level. basic is a little easier for interop since it does not use ws-addressing.
