WCF custom userName authentication using HTTP

Question

I am trying to configure my WCF service to use a custom username validator over HTTP and my ASP.NET Development server. Following are the parts of the serviceModel...

Answer 1

Also, see my blog post on how to implement a binding that will allow you to pass username and password over HTTP without SSL: http://blog.tonysneed.com/2012/06/18/building-scalable-and-secure-wcf-services/ Keep in mind, however, it's not a good idea to pass credentials in the clear over a non-secure transport. The technique I describe assumes you are using another mechanism, such as IPSec, to secure the transport, and it is useful for a load balancer that supports SSL termination for better scalability.

To specifically address your scenario, I would recommend that you bite the bullet and set up your development environment with SSL so that you can use the HTTPS binding with WCF and your username-password validator. This is much easier than implementing a custom binding element and is not as difficult as you might think. In fact, if you have IIS Express installed, you get a self-signed certificate that you can easily use as a certificate on IIS, or with a Windows Service.

Cheers, Tony Sneed