.NET Tutorials, Forums, Interview Questions And Answers

Basic Authentication using security mode TransportCredentialOnly

Posted By:    Posted Date: October 08, 2010    Points: 0    Category: WCF

I am trying to achieve username/password authentication using Basic as the security mode in my config file. I have a requirement to make my service available on HTTP, so HTTPS is not an option. The other requirement that I have is that the client should be authenticated (from a database, so Windows authentication is not an option) using the username and password that he will provide.

Following is the code:

A class added in the service project:

public class ServiceValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        // This isn't secure, though!
        if ((userName != "mohsin") || (password != "mohsin"))
            throw new SecurityTokenException("Validation Failed!");
    }
}

My service.config looks like this:



More Related Resource Links

Security: Safer Authentication with a One-Time Password Solution


One-time passwords offer solutions to dictionary attacks, phishing, interception, and lots of other security breaches. Here's how it all works.

Dan Griffin

MSDN Magazine May 2008

Web Security: Part 2: Introducing the Web Application Manager, Client Authentication Options, and Pr


This article, the second of two parts, continues coverage of Web security for Windows. It introduces the Web Application Manager in IIS that allows Web processes to be isolated, decreasing the security risk associated with running in a logon session. The article then picks up where Part One left off: it discusses authentication methods such as basic authentication, digest authentication, integrated Windows authentication, and anonymous logons, and the benefits and drawbacks of each.

Keith Brown

MSDN Magazine July 2000

Looking for a simple Service and Console Client REST sample implementing BASIC authentication


Does anyone know of a C# code sample demonstrating WCF REST services and a console test client with OperationContracts (GET and POST) implementing multiple parameters using BASIC authentication? Also, perhaps, using Fiddler as a test client as well? I have searched high and low for something like this, but have not had any success.

SSRS 2005 "Mixed" Authentication Mode


I have a web application where users can authenticate using either SiteMinder or Windows domain accounts.  This is actually configured as two separate virtual directories within IIS 6.  Both applications need to use the same instance of SSRS.  Is it possible to configure the SSRS web application so that if a user is authenticated by SiteMinder it impersonates a Windows account, but if they are already Windows-authenticated that account is used instead?

MOSS Site with Basic Authentication and variations does not work on one node

Hi,

We have one MOSS farm with two nodes, and on it we have several sites. For one specific site we have Basic Authentication and variations enabled. On one node the site works fine: when we browse it, it pops up for credentials, and once credentials are provided it works fine and properly redirects to the source variation home page. But on the other node, when we browse the site, it pops up asking for credentials, then after providing correct credentials it again asks for credentials twice and then throws the following error:

Access denied. You do not have permission to perform this action or access this resource.

And if we directly enter the source site homepage URL, it throws the following error: 401 UNAUTHORIZED

We have checked the Alternate Access Mappings for the site and they are perfectly fine. If I enable Windows authentication on the defective node, the site works fine. This issue is a pain in the neck and there is still no resolution; please help us to resolve it.

Regards, Jasjeet Singh

Basic Authentication => http://MainSiteUsername@MainSitePassword@sitename.com

Hi,

We have a main ASP.NET site and a Help site, which is plain HTML protected by 'Basic Authentication'. The requirement is that once you have already logged in on the main ASP.NET site, there is a "Help" link which calls http://MainSiteUsername@MainSitePassword@companyhelp.com. This was working well until KB834489 came in. Can you help us solve this issue?

Same issue as this one: http://www.bigresource.com/Tracker/Track-asp-D5uQcKze/

Hope someone can help me with this.

br, Chris

Security settings for this service require Windows Authentication but it is not enabled for the IIS

Hosting the service in IIS 5.1.

Config is set to transport layer security. SSL is installed and configured on the virtual folder, and BasicHTTP bindings are being used for the connection. Authentication in web.config is set to Windows. Authorization in web.config is set to Deny Users="?" and Allow Users="*".

When trying to connect to the service using IE, it throws an exception: "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service."

Can someone tell me what is missing? Do I have to set anything in Web.Config?

I need to achieve the following using Basic HTTP binding: Transport Layer security (SSL), Windows Domain Authentication, and using the user's domain identity to impersonate the user in the service.

Please suggest the settings, if any.

Thanks

Sesame: Spatial OData on Maps, Service Operations, HTTP Basic Authentication

Sesame Data Browser has just been updated to offer the following features for OData feeds:

- Maps
- Improved Service operations (FunctionImport) support
- HTTP Basic Authentication support
- Microsoft Dallas support

Maps

Sesame now automatically displays items on a map if spatial information is available in data. This works when latitude and longitude pairs are provided. Here is for example a map of drinking fountains in Vancouver: This comes from DrinkingFountains in http://vancouverdataservice.cloudapp.net/v1/vancouver, which provides latitude/longitude for each fountain. Here is another example, without latitude/longitude this time: This is a map of the customers from the Northwind database, which are located based on their country, postal code, city, and street address.

Service operations (FunctionImport)

Support for service operations (aka FunctionImports) has been improved. Until now, only functions without parameters were supported. It's now possible to use service operations that take input parameters. Let's take as an example the GetProductsByRating function from http://services.odata.org/OData/OData.svc. This function is attached to Products, as you can see below: A "rating" parameter is expected in order to open the function: After clicking Open, you'll get data as usual:

HTTP Basic Authentication

New authentication options have been added: HTTP Basic and Dallas (more

Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtec

I have a Windows service that runs on client machines and connects to a WCF service on a server. This Windows service seems to work fine on Windows XP, Vista and 7 machines, but when I try and run it on a Server 2008 R2 machine I get the following error:

System.Configuration.ConfigurationErrorsException: An error occurred creating the configuration section handler for system.serviceModel/bindings: Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtectionPolicyElement' from assembly 'System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'. (C:\Program Files (x86)\MyFolder\MyApp\MyAppWinSVC.exe.Config line 4) ---> System.TypeLoadException: Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtectionPolicyElement' from assembly 'System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
   at System.ServiceModel.Configuration.HttpTransportSecurityElement.get_Properties()

I have the 3.5 SP1 feature installed. The only thing I have found online that is remotely similar is this MS hotfix: http://support.microsoft.com/kb/2262911 But when I try and apply it, it says that it isn't for my computer. Does anyone have any ideas how to resolve this issue?

silverlight + WCF Service + Dynamic proxy(custom binding) + basic authentication on iis

Hi all,

I am having an issue with how to get the Windows identity in a Silverlight project. Below is my scenario: the Silverlight application needs to get data from the server via a WCF service. I built a dynamic proxy at runtime and also used a custom binding in this case. Now my application needs to be deployed on IIS, with "basic authentication" chosen as the authentication mode. Thus the authentication mode I have chosen in WCF is <security authenticationMode="UserNameOverTransport">. The client side is a Silverlight project, where I have to use a dynamic proxy with a custom binding. My question is: in basic authentication, how can I get the Windows identity to set on channelFactory.Credentials?

_channelFactory = new ChannelFactory<TWebService>(this._binding, new EndpointAddress(_endpointAddress));
_channelFactory.Credentials.UserName = new UserNamePasswordClientCredential();
_channelFactory.Credentials.UserName.UserName = "username";
_channelFactory.Credentials.UserName.Password = "password";

Actually, I do not want to use Windows a

SQL Server 2008 Windows Authentication Mode fails for Database Engine, error 18456

I installed SQL Server 2008 Developer Edition (10.0.1600.22.080709-1414) on a Windows Vista 32-bit development machine with Windows Authentication Mode only (no SQL Server Authentication). Since this is a development machine, I saw no need for Mixed Mode when I did the install. The SQL Server Management Studio allows me to log in to Analysis Services, Integration Services, Reporting Services, BUT NOT the Database Engine!

Windows Authentication for the Database Engine gives the following error:

EventID: 18456
Login failed for user MYDOMAIN\MYLOGIN'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]

The 'fix' I have found online is to log in as SA in SQL Server Authentication mode and add MYDOMAIN\MYLOGIN as an administrator for the Database Engine. Unfortunately, I can't, since I didn't install SQL Server Authentication mode (only Windows Authentication Mode). It appears my only recourse is to uninstall, then reinstall in Mixed mode, then log in as SA in SQL Server Authentication mode and add MYDOMAIN\MYLOGIN as an administrator for the Database Engine. Before I do so, does anyone know of a better approach?

Scott D Duncan

Login issue using authentication mode="Forms"

Hi,

I am using authentication mode="Forms" with LDAP. I manage to log in and log out fine, but when user 1 is logged in and user 2 logs in, user 1 gets user 2's session. Any idea why this might be happening? Here is some code:

    <authentication mode="Forms">
        <forms name="login" loginUrl="Login.aspx" />
    </authentication>
    <authorization>
        <allow roles="auditor"/>
        <allow roles="approver"/>
        <allow roles="user"/>
        <deny users="?"/>
    </authorization>
    <identity impersonate="true"/>

    protected Boolean ValidateUser(String strUsername, String strPassword)
    {
        //Return true if the username and password is valid, false if it isn't

Is BasicHttpBinding/WSHttpBinding + Windows Authentication + Message Security possible without serve


Hi Folks,

I need to deploy a WCF service hosted in IIS 7.5 which has the following constraints:

1) Using Windows Authentication
2) No server or client certificate is needed
3) Using either BasicHttpBinding or WSHttpBinding
4) Using Message Security, so that it is not possible to monitor the communication maliciously. (I think Transport Security is not possible without server certificate)

Is it possible to fulfill the above requirements simultaneously? Thanks for the reply in advance. I'll appreciate it :)


Security and Authentication


Hi, Everyone:

If anyone can please help me with this issue I would gladly appreciate it, and I thank anyone that can help and that takes the time to view this post. I have an application that has a user Login Control (provided by ASP). I am just now working on the integration of a database created in MS Visual Studio 2010 with a website created in MS Visual Web Developer 2010. My main goal is to create an authentication ticket that enables a user to see the database information only after that user has been successfully authenticated. Up to now I'm able to see the database when I run the website even if I'm not logged in. Can anyone please point me to the right path for how I can create a home page that tells the user to log in and, once that user has successfully logged in, redirects the user to another page where the user can see the database, and how I can allow adding information to that database only for specific members? Thank you.

Security settings for this service require Windows Authentication but it is not enabled for the IIS




We are getting the following error, when we call a WCF service from IE. The service is developed in MS.NET 3.5 and hosted in IIS 6.0, Windows Server 2003 SP2


Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.


NOTE: The same is working GOOD in IIS 6.0, Windows XP SP2


IIS Setting


"Integrated Windows Authentication" is enabled in the "Directory Security"






<binding name

How to use basic authentication with WCF and IIS 6: Basic vs Windows credentials



I would like to get basic authentication working with a WCF service running on IIS 6 and a WCF proxy (basicHttpBinding). The problem is that I'm totally lost in all these different configuration settings you can do in WCF and IIS 6. I would be glad if you could shed some light on this matter.

First of all, I have understood that the client credentials must be sent in the following way in WCF proxy code:

proxy.ClientCredentials.UserName.UserName = MyUserName;

proxy.ClientCredentials.UserName.Password = MyPassword;

But then comes the hardest part. How do I have to configure my WCF proxy and service along with IIS 6 for basic authentication?

After a lot of googling I found out that there are at least three variations on how you can configure basic authentication in WCF and here are my conclusions, please correct if I'm wrong:

1. Sending a user name and password as plain text without SSL to a web server:

<security mode="TransportCredentialOnly<

wsHttpBinding with Windows Authentication and Message Security



I want to accomplish wsHttpBinding with Windows Authentication and Message Security. I've created a test service and deployed on Windows Server 2008 and IIS 7.5.

The virtual directory has been assigned an application pool running under custom account domain\username. Only Windows Authentication is enabled on the virtual directory (I DON'T want anonymous access enabled).

I keep getting this error "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service."

Below is my server config file. I've followed  instructions at http://msdn.microsoft.com/en-us/library/ff650619.aspx

        <binding name="NewBinding0">
          <security mode="Message">
            <transport clientCredentialType="Windows"></transport>
