Search code examples
.netwcfsilverlightsecuritywshttpbinding

How to protect the connection to WCF service? Silverlight consuming WCF service with WsHttpBinding.

I am assigned to develop silverlight application which should consume WCF service. The service only exposed endpoint using WsHttpBinding.

As I understood it is impossible to consume this service in silverlight application (does the WsHttpBinding requires special operation system support?).

The each call to the service has user credentials as parameters in it.

This is how configuration for generated service looks for .Net 4 application: 

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding_IScheduleService" closeTimeout="00:01:00"
                openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                allowCookies="false">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                <reliableSession ordered="true" inactivityTimeout="00:10:00"
                    enabled="false" />
                <security mode="Transport">
                    <transport clientCredentialType="None" proxyCredentialType="None"
                        realm="" />
                    <message clientCredentialType="Windows" negotiateServiceCredential="true" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="blahblah/Service.svc/ws"
            binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IScheduleService"
            contract="ScheduleService.IScheduleService" name="WSHttpBinding_IScheduleService">
            <identity>
                <dns value="localhost" />
            </identity>
        </endpoint>
    </client>
</system.serviceModel>

Sorry for the long introduction, and there is the question.

What are common aproaches in the Silverlight world to protect the connection to WCF service? How to change the service, to be consumable by silverlight client?

Solution

  • The most common approach is to use transport security (ssl) - as you do with this setting. The only issue here may be that wshttpbinding expects from the client soap message to contain ws-addressing headers (check it out with fiddler or wcf logging) which silverlight may not support.

    I would say - if you are able to change the service to basicHttpBinding it is the best. Otherwise you could still do it but you would need to push the headers into the soap message manually. write a working soap client (winforms) and see how the soap it sends looks. then use message inspector on silverlight to add it.