Internet Application
In the Internet scenario, the clients or services may not use WCF or even Windows. If you are writing a service or a client, you cannot assume the use of WCF on the other end. In addition, an Internet application typically has a relatively large number of clients calling the service. These client calls originate from outside the firewall. You need to rely on HTTP for transport, and multiple intermediaries are possible. In an Internet application, you typically do not want to use Windows accounts and groups for credentials and instead the application needs to access some custom credentials store. That said, you could still be using Windows security, as demonstrated later on.
Securing the Internet Bindings
In the Internet application, you must use message security for transfer security to provide for end-to-end security across all intermediaries. The client should provide credentials in the form of username and password. For the Internet scenario you should use the WSHttpBinding
and WSDualHttpBinding
. In addition, if you have an intranet application that uses the NetTcpBinding
but you do not wish to use Windows security for user accounts and groups, you should follow the same configuration as with the WS-based bindings. This is done uniformly across these bindings by selecting MessageCredentialType.Username
for the client credentials type used with the message security. You need to configure the bindings this way both at the client and at the service.
WSHttpBinding ...
Get Programming WCF Services now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.