New Posts New Posts RSS Feed: WCF Authentication using SQL Membership Provider
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

WCF Authentication using SQL Membership Provider
 Post Reply Post Reply
Author
  Share Topic Share Topic  Topic Search Topic Search  Topic Options Topic Options
Gooya View Drop Down
Newbie
Newbie


Joined: 19-Jan-2009
Location: Iran
Posts: 1 		Post Options Post Options   Quote Gooya Quote  Post ReplyReply Direct Link To This Post Topic: WCF Authentication using SQL Membership Provider
    Posted: 19-Jan-2009 at 1:24am

I'm working on a service based project and I'm trying to implement a level of security on my service (I.E. Authentication). My service is implemented using WCF technology.
I'm using WSHttpBinding and Message Security Mode like this:

      <wsHttpBinding>
        <binding name="wsHttpEndpointBinding">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>


I would like to use "Membership Provider" for authentication like this:

      <membership defaultProvider="MySqlMembershipProvider">
        <providers>
          <clear/>
          <add name="MySqlMembershipProvider"
               connectionStringName="MyLocalSQLServer"
               applicationName="IspUtil"
               type="System.Web.Security.SqlMembershipProvider"
               enablePasswordRetrieval="false"
               enablePasswordReset="false"
               requiresQuestionAndAnswer="false"
               requiresUniqueEmail="true"
               passwordFormat="Hashed" />
        </providers>
      </membership>


The service Behavior configuration is set like the following:

          <serviceCredentials>
            <serviceCertificate findValue="CN=RezaCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="MySqlMembershipProvider" />
          </serviceCredentials>


I created my certificate under common name of "RezeCert". Everything is fine as far as the client and server is on the same machine. But when I try to deploy it on separate client and server machines, the following exception raises:

An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.

Inner Exception is
An error occurred when verifying security for the message.


Any reply to the following questions will be appreciated:
1. Why do I get the exception above?
2. Is it possible to run it in real environment without obtaining a valid certificate (using my test certificate)?
3. Should I set any specific configuration in IIS --> Security tab?
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down