HowTo: disable WCF security

  • Thread starter Thread starter herbert
  • Start date Start date
H

herbert

Question 1: How do I turn off WCF security to get my apps out the door quickly?
Question 2: Where can I find a step by step article/flowchart how to
configure WCF security (the WCF books miss this point)?

Background:
I have a WCF client / WCF host pair running fine on the same machine.
Metadata is offered both via basicHttp and netTcp.
Services are offered via netTcp.

When distributing the WCF client on the intranet, everybody (my fellow
programmers) can access the Metadata and "Add Service Reference" to their
client apps. However nobody can then access the services.
The error message/exception on the client is something like "host rejected"
without further info.

The WCF host runs under administrator, firewall etc. disabled.

WinXP on all computers.

Since the WCF host does not provide anything secret I'd like to turn off all
security checks on the WCF host altogether.

And the security chapters in the five+ WCF books in front of me give me lots
of lectures on security principles however no step by step guidance about how
to implement it.

thank you very much. herbert
 
You can config do it via binding information:

Some examples:

Of course the key is "security mode"...This should be enough to google on at
least.



<bindings>

<netMsmqBinding>

<binding name ="NoMSMQSecurity" >

<security mode = "None">

</security>

</binding>

</netMsmqBinding>



<wsHttpBinding>

<binding name="WSHttpBindingName1" maxReceivedMessageSize="1000000" >

<security mode="None">

<transport clientCredentialType="None" />

<message establishSecurityContext="false" />

</security>

</binding>

</wsHttpBinding>





</bindings>



Here is one: I'm not sure what Transport is offhand. I could probably put
"none" in here as well.


<netNamedPipeBinding>

<binding name="NamedPipeBindingName1"

hostNameComparisonMode="StrongWildcard"

maxBufferSize="1000000"

maxConnections="255"

maxReceivedMessageSize="1000000"

receiveTimeout="00:59:00"

transactionFlow="false">

<security mode="Transport">

</security>

</binding>

</netNamedPipeBinding>



Then your end point needs to associate the binding:

example:


<endpoint name="WSHttpEndPoint"

address = "http://localhost:8001/ZebraControllerFascade"

binding = "wsHttpBinding" bindingConfiguration="WSHttpBindingName1"

contract =
"MeasInc.Applications.ScoringCenter.Interfaces.Zebra.Controllers.IZebraController"


</endpoint >
 
Back
Top