Search code examples
wcfasp.net-membershipwcf-securitybasichttpbinding

WCF -> IIS 7.0 Partial Trust Hosting (.svc) -> BasicHttpBinding -> Authentication (UserName / Password) - > ASP.NET Membership Provider -> No SSL

Basically my requirement is:

  • WCF Service Application Hosted on IIS 7.0 with Partial Trust
  • Endpoint exposed with BasicHttpBinding
  • Would like to enable basic Authentication (UserName / Password)
  • Would like to use ASP.NET membership for User Authentication
  • I don't want to setup SSL

I have seen some tutorials but they are talking about first enabling the SSL. I am able to create my sample WCF Service and Host is on IIS 7.0 with Partial Trust without any problem. Its just the Authentication part that I am struggling with.

Can anyone provide any assistance or point me to the place where relevant information can be found?

Solution

  • If you are using username / password over basichttpbinding without ssl, then the password is going over the network unencrypted.

    I would recomend that you use SSL in this situation.

    Yes you can use basic authenication with an asp.net membership provider, see:

    http://custombasicauth.codeplex.com/