WCF – TCP with UserNameToken without Message Security

There was a project that I assisted with the WCF communications where they needed to allow the client to specify different credentials without being dependent on the windows account.

The first thing that comes into mind is to use the UserNameToken technique to pass in the client credentials. The design instructed to use TCP as the transport and not use message security. Obviously, this technique has privacy and integrity issues where there isn’t any encryption nor signing, but that was their decision because it wasn’t an issue in the purpose of the project.

Well, this setting isn’t as trivial as you would expect.
The default form of the NetTcpBinding allows you to use UserNameToken only as part of message security and forces you to use a certificate to enable that message security.

I ended up setting them a CustomBinding which provides the scenario they needed.

Service Side

Configuring the Service Host -

_host = new ServiceHost(typeof(Service));
_host.AddServiceEndpoint(typeof(IService), Config.ServiceBinding, Config.ServiceAddress.Uri.AbsoluteUri);

_host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
_host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new CustomUserNameTokenValidator();

_host.Open();

Read more: Zuker On Foundations

Posted via email from .NET Info