Which security mode to use in WCF client with SSL and HTTP Authentication?

问题

I need to use SSL and HTTP authentication in my WCF client to connect to a web service. I have wcf client binding configuration as shown below and code to load certificate and pass the user name and password for http authorization. When I tried this, I am receiving an error "The http request is unauthorized with client authentication scheme 'Anonymous'. The authentication from the server was 'Basic realm="ws.dataway.com:443'". The remote server returned an error: (401) Unauthorized. Can anyone please tell how to resolve this and what needs to be changed in the binding configuration? Thanks!

            <basicHttpBinding>
            <binding name="OrderBinding" closeTimeout="00:01:00"
                openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                useDefaultWebProxy="true">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
               <security mode="Transport">
                     <transport clientCredentialType="Certificate" proxyCredentialType="None"
                        realm="" />
               </security>
            </binding>
            </basicHttpBinding>

code:

            ClientCredentials loginCredentials = new ClientCredentials();
            loginCredentials.UserName.UserName = this.UserId;
            loginCredentials.UserName.Password = this.Password;
            loginCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByIssuerName, "link.com");

            var defaultCredentials = channelFactory.Endpoint.Behaviors.Find<ClientCredentials>();
            channelFactory.Endpoint.Behaviors.Remove(defaultCredentials);
            channelFactory.Endpoint.Behaviors.Add(loginCredentials);

回答1:

Try this custom binding:

  <customBinding>
    <binding name="Secured">
      <textMessageEncoding messageVersion="Soap11" />
      <httpsTransport authenticationScheme="Basic" 
                      realm="ws.dataway.com:443"
                      requireClientCertificate="true" />
    </binding>
  </customBinding>

来源：https://stackoverflow.com/questions/8806067/which-security-mode-to-use-in-wcf-client-with-ssl-and-http-authentication