DevForce Community Forum : WCF Authentication using SQL Membership Provider http://www.ideablade.com/forum/ This is an XML content feed of; DevForce Community Forum : DevForce Classic : WCF Authentication using SQL Membership Provider Wed, 10 Jun 2026 17:40:06 -700 Mon, 19 Jan 2009 01:24:58 -700 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 9.69 360 www.ideablade.com/forum/RSS_post_feed.asp?TID=1061 DevForce Community Forum http://www.ideablade.com/forum/forum_images/IdeaBlade_logo_tm.png http://www.ideablade.com/forum/ WCF Authentication using SQL Membership Provider : I'm working on a service... http://www.ideablade.com/forum/forum_posts.asp?TID=1061&PID=3816#3816 Author: Gooya
Subject: 1061
Posted: 19-Jan-2009 at 1:24am

I'm working on a service based project and I'm trying to implement a level of security on my service (I.E. Authentication). My service is implemented using WCF technology.
I'm using WSHttpBinding and Message Security Mode like this:

      <wsHttpBinding>
        <binding name="wsHttpEndpointBinding">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>


I would like to use "Membership Provider" for authentication like this:

      <membership defaultProvider="MySqlMembershipProvider">
        <providers>
          <clear/>
          <add name="MySqlMembershipProvider"
               connectionStringName="MyLocalSQLServer"
               applicationName="IspUtil"
               type="System.Web.Security.SqlMembershipProvider"
               enablePasswordRetrieval="false"
               enablePasswordReset="false"
               requiresQuestionAndAnswer="false"
               requiresUniqueEmail="true"
               passwordFormat="Hashed" />
        </providers>
      </membership>


The service Behavior configuration is set like the following:

          <serviceCredentials>
            <serviceCertificate findValue="CN=RezaCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="MySqlMembershipProvider" />
          </serviceCredentials>


I created my certificate under common name of "RezeCert". Everything is fine as far as the client and server is on the same machine. But when I try to deploy it on separate client and server machines, the following exception raises:

An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.

Inner Exception is
An error occurred when verifying security for the message.


Any reply to the following questions will be appreciated:
1. Why do I get the exception above?
2. Is it possible to run it in real environment without obtaining a valid certificate (using my test certificate)?
3. Should I set any specific configuration in IIS --> Security tab?

]]> Mon, 19 Jan 2009 01:24:58 -700 http://www.ideablade.com/forum/forum_posts.asp?TID=1061&PID=3816#3816