通过https在Wcf中清除文本用户名密码验证

时间:2010-04-23 08:45:54

标签: c# wcf authentication .net-3.5 wcf-binding

我的问题可能很愚蠢,但现在就是。

我经历了this个问题。 jassuncao建议使用custom binding创建的Yaron Naveh。现在它不是一种非常安全的身份验证方式,我的问题是,如果我使用Yaron的自定义绑定并将我的服务放在https后怎么办?它还会不安全吗?

1 个答案:

答案 0 :(得分:1)

如果您使用的是SSL,则传输将是安全的。不需要自定义绑定。

您提及的Introducing WCF ClearUsernameBinding 页面:

Sachin said... 
How does this work in IIS hosted environment with SSL certificate. Also in order to provide interoperability how will the clients using non woindows environment will be able to provide the user credentioals? 

February 18, 2009 9:06 PM  
 Yaron Naveh said... 
Hi Sachin

When SSL is used there is no need for clearUsernameBinding - you can use the out of the box WCF configurations.

As for interoperability, clearUsernameBinding adheres to the WSS username profile.