Kimi

Reputation: 14099

WCF transport security configuration question

We have a Windows Service with a TCP binding. It uses transport security mode and the client credential type is Windows. The service is within a domain.

Now we want to make calls to this service from the ASP.NET application running on IIS which is not part of the domain. We don't need user impersonation. What is the most secure way to enable this sort of communication?

This is a pretty standard situation: the web server is in a DMZ and I would like to know how to set up secure communication with WCF backend services.

Upvotes: 1

Views: 423

Answers (1)

Ladislav Mrnka

Reputation: 364269

I expect that it will not work. You cannot use the Windows client credential type if you want to consume the service from outside your domain. You must use Certificate (or None, but that means no authentication).

The difference is that Windows client credentials will create a stream secured with SSPI, whereas Certificate and None client credentials will create a stream secured with an SSL certificate. In the case of Certificate client credentials, each client will be identified by its own certificate (= you need one for your IIS server).

Upvotes: 2
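
The change the answer describes, written out as WCF configuration; this is an added example, not part of the original answer. Host names, port, certificate subject names, and binding, behavior and contract names are placeholders, and both certificates are assumed to be installed in the `LocalMachine\My` store of their respective machines.

```xml
<!-- Added example. All names, addresses and certificate subjects are placeholders. -->
<!-- Fragment 1: app.config of the Windows Service (inside the domain) -->
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <binding name="tcpCert">
        <security mode="Transport">
          <!-- Before: clientCredentialType="Windows" (SSPI, caller needs a domain identity) -->
          <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign" />
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="certAuth">
        <serviceCredentials>
          <!-- Certificate the service presents for the SSL stream -->
          <serviceCertificate findValue="backend.example.internal" x509FindType="FindBySubjectName"
                              storeLocation="LocalMachine" storeName="My" />
          <!-- How the caller's certificate is validated -->
          <clientCertificate>
            <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <!-- The service endpoint uses bindingConfiguration="tcpCert" and behaviorConfiguration="certAuth" -->
</system.serviceModel>

<!-- Fragment 2: web.config of the ASP.NET application in the DMZ (defines the same "tcpCert" binding) -->
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="presentCert">
        <clientCredentials>
          <!-- The IIS server's own certificate; the app pool identity needs read access to its private key -->
          <clientCertificate findValue="web-dmz.example.internal" x509FindType="FindBySubjectName"
                             storeLocation="LocalMachine" storeName="My" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <endpoint name="Backend" address="net.tcp://backend.example.internal:8523/Backend" binding="netTcpBinding"
              bindingConfiguration="tcpCert" behaviorConfiguration="presentCert" contract="Example.IBackendService" />
  </client>
</system.serviceModel>
```

With `ChainTrust`, any certificate that chains to a root trusted by the service machine is accepted, so the issuing CA should be one that only issues certificates to intended callers.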
