How to configure anonymous access WCF over HTTP (no SSL)

Question

0.00/5 (No votes)

See more:

I've got a requirement to host an anonymous WCF service in IIS over HTTP only (no SSL will be installed).

I can get anonymous access over HTTP with SSL installed (using Self-Cert) and bound to the site.

Can anyone help?

Posted 4-Feb-11 14:07pm

Martin Jarvis

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Accepted Answer · 2011-02-04T14:23:00

Solution 1

For example, if you make self-hosted WCF service it will be "anonymous" unless you specifically implement some kind of authentication :-). Same thing about Web service or ASP.NET.

Probably your idea of authentication is related specifically SSL authentication (http://msdn.microsoft.com/en-us/library/aa922016.aspx[^]), not WCF.
Pure WCF has nothing to do with authentication. It's just a wrapper over the channel (like TCP or HTTP) and marshaling functionality. You can think of WCF of a lowers application level over a transport protocol later (which is replaceable). Authentication may or may not be provided on top of it.

Microsoft offers special Windows Communication Foundation Authentication Service which you can choose to use or not: http://msdn.microsoft.com/en-us/library/bb386582.aspx[^]. Web Service Authentication: http://msdn.microsoft.com/en-us/library/ms154673.aspx[^]. ASP.NET Authentication: http://msdn.microsoft.com/en-us/library/eeyk640h.aspx[^].

Will you try this simple sample of Host a WCF Service in IIS from Microsoft: http://msdn.microsoft.com/en-us/library/ms733766.aspx[^] — again, not authentication involved.

Maybe, you over-complicate the simple task because of your past experience with secure protocol(s)?

—SA

Posted 4-Feb-11 14:23pm

Sergey Alexandrovich Kryukov

Updated 4-Feb-11 16:05pm

v6

Comments

Martin Jarvis 4-Feb-11 20:50pm

Ah, sorry. I should have been clearer, it must be hosted in IIS. The application is hosted by a 3rd Party on a shared server.

I've tried BasicHttpBinding and WSHttpBinding (no authentication) but they each through an error about the 'https' protocol not being supported. Usually, I'd jsut install SSL and be done, but in this case we can't self-cert and the client wont pay for a proper certificate as the service is going to have a very short lifespan (1 month).

Sergey Alexandrovich Kryukov 4-Feb-11 21:58pm

I mentioned the self-hosting and other cases only for example. From your question I could see IIS. So, can you provide some information on the host you use and explain why having no authentication is a problem. For this purpose, could you show the relevant part of the code you already have.

You see, the self-certificate is also a notion of secure protocol, it is related to assymmetric ciphering and open key. If the protocol is HTTP, there is no ciphering in the protocol, hence no certificate. I mean it: not self or authorized certificate -- there is not such notion in HTTP at all (don't mix it up with self-hosting).

So, from this point I fail to understand what is your problem. You try to explain the problem in terms relevant to HTTPS or SSL which are simply not applicable to "plain" HTTP.

Maybe, 2 things could help: 1) you could find really simple HTTP/IIS service sample and look at it (most preferable), 2) you provide some code (please simplify as much as possible) and let me take a look. How about that?

Thank you.
--SA

Sergey Alexandrovich Kryukov 4-Feb-11 22:07pm

Again, WSHttpBinding is related to support of secure sessions and oriented toward authentication. I think you need to step back to more simple staff.

OK, I added a new reference to my answer. Maybe a simple sample will help. (I don't have IIS to run it.)

--SA

Martin Jarvis 5-Feb-11 5:23am

Thanks, I sorted the problem now. There was a custom ServiceFactory refererenced in the .svc (copied from another project which REQUIRED ssl) which was interfering.

It turns out that my bindings were correct and I was pulling my hair out over a trival mistake.

Sergey Alexandrovich Kryukov 5-Feb-11 5:53am

Great, thank you for accepting the answer and reporting back.
Good luck,
--SA

Espen Harlinn 5-Feb-11 13:29pm

Good work as usual :)