.netwcfhttpsbasic-authenticationtransport-security

WCF - Soap Webservice with Basic Auth, no ssl, self-hosted


I'm fully aware of the insecurity of this approach, but have a justified need for Basic http authentication for a WCF hosted SOAP webservice. Is there really no way to make this work? Every method I've found of adding basic auth requires transport (https) security.


Solution

  • I think you're looking for "TransportCredentialOnly". See this MSDN article.

    The binding would then look like this:

    <bindings>
        <basicHttpBinding>
            <binding name="NewBinding">
                <security mode="TransportCredentialOnly">
                    <transport clientCredentialType="Basic" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    

    The above code snippet was taken from this blog article on the topic.