I have a UserAccountService with various methods, some of which require user authentication (e.g. ChangePassword, ChangeUserData), and some not (RegisterUser).
However, it seems that I cannot get it to work, so only some methods require authentication.
Authentication methods decorated
[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]
In my app.config, I have a binding that uses encryption and asks for UserName credentials:
<binding name="authenticatedBinding"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName" /> </security> </binding>
(I am using basicHttpBinding)
I also have a custom authentication provider configured:
<serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="..." /> </serviceCredentials>
In this configuration, I cannot name any service methods without authentication.
If I do not use the security configuration, I can call methods that do not require authentication, but the message credentials are no longer migrated.
How can I configure my service to allow all methods to be called and require only a username / password to be set if PrincipalPermission requires it?
I use Silverlight as my client, if that matters ...
Thanks!