Wcf wsHttpBinding and disabling anonymous access

Question

Wcf wsHttpBinding and disabling anonymous access

http://blogs.msdn.com/drnick/archive/2007/03/23/preventing-anonymous-access.aspx

Can someone clarify if it is possible to use wsHttpBinding in WCF and disable anonymous access in IIS without transport (ssl), or is message security required?

+5

wcf iis-6

Keith patton Oct 23 '08 at 1:58

source share

2 answers

Tobias Hertkorn · Answer 1 · 2008-11-05T17:13:04+0000

you're right, afaik in the wsHttpBinding script you describe requires us to use the WCF internal security stack. So what you usually do is

leave anonymous access enabled
create serviceBehavior with <serviceAuthorization mainPermissionMode = "UseWindowsGroups" />
PrincipalPermissionAttribute,

- ?

:

public class TestService : ITestService
{
  [PrincipalPermission(SecurityAction.Demand, Name = "testdomain\\administrator")]
  public string DoWork()
  {   
    return "Hello World " + Thread.CurrentPrincipal.Identity.Name;
  }
}

  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WcfSecurity.Www.TestServiceBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceAuthorization principalPermissionMode="UseWindowsGroups" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service behaviorConfiguration="WcfSecurity.Www.TestServiceBehavior" name="WcfSecurity.Www.TestService">
        <endpoint address="" binding="wsHttpBinding" contract="WcfSecurity.Www.ITestService" />
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>    
  </system.serviceModel>

Keith Patton · Answer 2 · 2008-10-24T01:01:01+0000

Windows. IIS , wsHttpBinding WCF, - (, transprot security, ssl).

Windows, ssl .

, ( ), .

basicHttpBinding, Windows.

Wcf wsHttpBinding and disabling anonymous access

More articles: