Reputation: 645
Message Security with a User Name Client
The MSDN link says that X.509 certificates are used to authenticate a service. My questions are given below:
What is the purpose of using certificates while opting for
Message security with client credential of UserName?Is it not possible to use
Message security with UserName client credentialwithout using certificates at all?Can I use a self-signed certificate in production?
Upvotes: 0
Views: 83
Answers (1)
Reputation: 10026
1) What is the purpose of using certificates while opting for Message security with client credential of UserName?
The X509 Certificate creates a secure channel - it is used to encrypt and digitally sign messages. Additionally, it authenticates the service to the client.
2) Is it not possible to use Message security with UserName client credential without using a certificate?
Since the client's credential is just a username\ password pair, you need some sort of mechanism to create the secure channel. However, you can get around this with a custom binding. See this link for such a binding.
3) Can I use a self-signed certificate in production?
You certainly can use them. Whether you should or not is something up to debate. It depends on your situation. For example, if you're doing some form of Ecommerce then you definitely should use CA Signed Certificates.
Upvotes: 2
Related Questions
- WCF Client Certificate AND UserName Credentials forbidden
- WCF security issue
- WCF - Authenticate the client with Message Security using Certificates
- WCF - Service Certificate with User Name Validation
- WCF message / method security without a client certificate
- WCF Message security using certificates -
- How to use Message security and UserName clientCredentialType without Certificate in WCF Service?
- WCF Service - certificates and message security with UserName authentication
- WCF Using UserName Authentication with Message Security
- WCF Message Level Security