By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,313 Members | 2,725 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,313 IT Pros & Developers. It's quick & easy.

HowTo: disable WCF security

P: n/a
Question 1: How do I turn off WCF security to get my apps out the door quickly?
Question 2: Where can I find a step by step article/flowchart how to
configure WCF security (the WCF books miss this point)?

Background:
I have a WCF client / WCF host pair running fine on the same machine.
Metadata is offered both via basicHttp and netTcp.
Services are offered via netTcp.

When distributing the WCF client on the intranet, everybody (my fellow
programmers) can access the Metadata and "Add Service Reference" to their
client apps. However nobody can then access the services.
The error message/exception on the client is something like "host rejected"
without further info.

The WCF host runs under administrator, firewall etc. disabled.

WinXP on all computers.

Since the WCF host does not provide anything secret I'd like to turn off all
security checks on the WCF host altogether.

And the security chapters in the five+ WCF books in front of me give me lots
of lectures on security principles however no step by step guidance about how
to implement it.

thank you very much. herbert
Jun 27 '08 #1
Share this Question
Share on Google+
1 Reply


P: n/a
You can config do it via binding information:

Some examples:

Of course the key is "security mode"...This should be enough to google on at
least.

<bindings>

<netMsmqBinding>

<binding name ="NoMSMQSecurity" >

<security mode = "None">

</security>

</binding>

</netMsmqBinding>

<wsHttpBinding>

<binding name="WSHttpBindingName1" maxReceivedMessageSize="1000000" >

<security mode="None">

<transport clientCredentialType="None" />

<message establishSecurityContext="false" />

</security>

</binding>

</wsHttpBinding>

</bindings>

Here is one: I'm not sure what Transport is offhand. I could probably put
"none" in here as well.
<netNamedPipeBinding>

<binding name="NamedPipeBindingName1"

hostNameComparisonMode="StrongWildcard"

maxBufferSize="1000000"

maxConnections="255"

maxReceivedMessageSize="1000000"

receiveTimeout="00:59:00"

transactionFlow="false">

<security mode="Transport">

</security>

</binding>

</netNamedPipeBinding>

Then your end point needs to associate the binding:

example:
<endpoint name="WSHttpEndPoint"

address = "http://localhost:8001/ZebraControllerFascade"

binding = "wsHttpBinding" bindingConfiguration="WSHttpBindingName1"

contract =
"MeasInc.Applications.ScoringCenter.Interfaces.Zeb ra.Controllers.IZebraController"
>


</endpoint >

"herbert" <he*****@discussions.microsoft.comwrote in message
news:A2**********************************@microsof t.com...
Question 1: How do I turn off WCF security to get my apps out the door
quickly?
Question 2: Where can I find a step by step article/flowchart how to
configure WCF security (the WCF books miss this point)?

Background:
I have a WCF client / WCF host pair running fine on the same machine.
Metadata is offered both via basicHttp and netTcp.
Services are offered via netTcp.

When distributing the WCF client on the intranet, everybody (my fellow
programmers) can access the Metadata and "Add Service Reference" to their
client apps. However nobody can then access the services.
The error message/exception on the client is something like "host
rejected"
without further info.

The WCF host runs under administrator, firewall etc. disabled.

WinXP on all computers.

Since the WCF host does not provide anything secret I'd like to turn off
all
security checks on the WCF host altogether.

And the security chapters in the five+ WCF books in front of me give me
lots
of lectures on security principles however no step by step guidance about
how
to implement it.

thank you very much. herbert

Jun 27 '08 #2

This discussion thread is closed

Replies have been disabled for this discussion.