Transport Security with an Anonymous Client
This Windows Communication Foundation (WCF) scenario uses transport security (HTTPS) to ensure confidentiality and integrity. The server must be authenticated with a Secure Sockets Layer (SSL) certificate, and the clients must trust the server's certificate. The client is not authenticated by any mechanism and is, therefore, anonymous.
For a sample application, see WS Transport Security. For more information about transport security, see Transport Security Overview.
For more information about using a certificate with a service, see Working with Certificates and How to: Configure a Port with an SSL Certificate.
Characteristic | Description |
---|---|
Security Mode |
Transport |
Interoperability |
With existing Web services and clients |
Authentication (Server) Authentication (Client) |
Yes Application level (no WCF support) |
Integrity |
Yes |
Confidentiality |
Yes |
Transport |
HTTPS |
Binding |
Service
The following code and configuration are meant to run independently. Do one of the following:
Create a stand-alone service using the code with no configuration.
Create a service using the supplied configuration, but do not define any endpoints.
Code
The following code shows how to create an endpoint using transport security:
' Create the binding.
Dim binding As New WSHttpBinding()
binding.Security.Mode = SecurityMode.Transport
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None
' Create the URI for the endpoint.
Dim httpUri As New Uri("https://localhost/Calculator")
' Create the service host and add an endpoint.
Dim myServiceHost As New ServiceHost(GetType(ServiceModel.Calculator), httpUri)
myServiceHost.AddServiceEndpoint(GetType(ServiceModel.ICalculator), binding, "")
' Open the service host.
myServiceHost.Open()
Console.WriteLine("Press Enter to exit....")
Console.ReadLine()
' Close the service.
myServiceHost.Close()
// Create the binding.
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport.ClientCredentialType =
HttpClientCredentialType.None;
// Create the URI for the endpoint.
Uri httpUri = new Uri("https://localhost/Calculator");
// Create the service host and add an endpoint.
ServiceHost myServiceHost =
new ServiceHost(typeof(ServiceModel.Calculator), httpUri);
myServiceHost.AddServiceEndpoint(
typeof(ServiceModel.ICalculator), binding, "");
// Open the service host.
myServiceHost.Open();
Console.WriteLine("Press Enter to exit....");
Console.ReadLine();
// Close the service.
myServiceHost.Close();
Configuration
The following code sets up the same endpoint using configuration. The client is not authenticated by any mechanism, and is therefore anonymous.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<services>
<service name="ServiceModel.Calculator">
<endpoint address="https://localhost/Calculator"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_ICalculator"
name="SecuredByTransportEndpoint"
contract="ServiceModel.ICalculator" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ICalculator">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client />
</system.serviceModel>
</configuration>
Client
The following code and configuration are meant to run independently. Do one of the following:
Create a stand-alone client using the code (and client code).
Create a client that does not define any endpoint addresses. Instead, use the client constructor that takes the configuration name as an argument. For example:
Dim cc As New CalculatorClient("EndpointConfigurationName")
CalculatorClient cc = new CalculatorClient("EndpointConfigurationName");
Code
' Create the binding.
Dim myBinding As New WSHttpBinding()
myBinding.Security.Mode = SecurityMode.Transport
myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None
' Create the endpoint address. Note that the machine name
' must match the subject or DNS field of the X.509 certificate
' used to authenticate the service.
Dim ea As New EndpointAddress("https://machineName/Calculator")
' Create the client. The code for the calculator
' client is not shown here. See the sample applications
' for examples of the calculator code.
Dim cc As New CalculatorClient(myBinding, ea)
' Begin using the client.
Try
cc.Open()
Console.WriteLine(cc.Add(100, 11))
Console.ReadLine()
' Close the client.
cc.Close()
Catch tex As TimeoutException
Console.WriteLine(tex.Message)
cc.Abort()
Catch cex As CommunicationException
Console.WriteLine(cex.Message)
cc.Abort()
Finally
Console.WriteLine("Closed the client")
Console.ReadLine()
End Try
// Create the binding.
WSHttpBinding myBinding = new WSHttpBinding();
myBinding.Security.Mode = SecurityMode.Transport;
myBinding.Security.Transport.ClientCredentialType =
HttpClientCredentialType.None;
// Create the endpoint address. Note that the machine name
// must match the subject or DNS field of the X.509 certificate
// used to authenticate the service.
EndpointAddress ea = new
EndpointAddress("https://machineName/Calculator");
// Create the client. The code for the calculator
// client is not shown here. See the sample applications
// for examples of the calculator code.
CalculatorClient cc =
new CalculatorClient(myBinding, ea);
// Begin using the client.
try
{
cc.Open();
Console.WriteLine(cc.Add(100, 1111));
// Close the client.
cc.Close();
}
Configuration
The following configuration can be used instead of the code to set up the service.
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ICalculator" >
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://machineName/Calculator"
binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_ICalculator"
contract="ICalculator"
name="WSHttpBinding_ICalculator" />
</client>
</system.serviceModel>
</configuration>
See Also
Tasks
Concepts
Security Overview
Transport Security Overview