问题
I've been looking around and haven't been getting very far in my research of WCF security. I have a low-risk service I want to create so I just want some basic security required for client's on different servers outside of the domain to be able to use it.
What's the easiest way in WCF? Is it just through the use of certificates?
回答1:
Check this, it covers many security scenarios, use whichever suits your need.
And for authentication purpose you can easily opt Username security, where you just need to pass user name and password.
回答2:
Easiest way to simply encrypt the transmission is if you're just using net.tcp binding, then you can turn on Transport security or Message security without needing to set up a certificate.
With WsHttpBinding message-level security (contents of the message are encrypted) is enabled by default and doesn't require an SSL cert. And if the clients are on the same Windows network then it'll use Windows Authentication and credentials by default, too, so you should be able to enable Transport security without needing an SSL cert there, either.
If you want to expose your service over HTTPS to the public internet then you'll need to obtain an SSL certificate and bind it to the port on the server that the service runs on, using httpcfg.exe (comes with Windows Server).
来源:https://stackoverflow.com/questions/5265635/easiest-way-to-protect-wcf-services