Solved

Allow insecure transport in Silverlight 4.0

Posted on 2011-03-23
5
1,028 Views
Last Modified: 2013-11-12
Hi,

I'm trying to use UserNamePasswordValidator for custom validation of user name and password in a wcf service call from Silverlight 4.0 by using custom binding, Http transport with TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement  and Allow insecure transport set to ture.

Is this possible in SL 4.0?  I know this can be done between a windows console application and the service. But in SL i cant find the Allow insecure transport attribute on TransportSecurityBindingElement

Server Config

    <bindings>
      <customBinding>
        <binding name="InsecureCredentials">
          <security authenticationMode="UserNameOverTransport" allowInsecureTransport="true" />
          <textMessageEncoding messageVersion="Soap11" />
          <httpTransport />
        </binding>
      </customBinding>
    </bindings>


Client Custom Binding


public class CustomHttpMessageInspectorBinding : CustomBinding
    {
 
        public CustomHttpMessageInspectorBinding()
        {
 
        }
 
        public CustomHttpMessageInspectorBinding(IClientMessageInspector messageInspector)
        {
            ChannelBindingElement = newMessageInspectorBindingElement();
            ChannelBindingElement.MessageInspector = messageInspector;
        }
 
        publicMessageInspectorBindingElement ChannelBindingElement
        {
            get;
            set;
        }
 
        publicoverrideBindingElementCollection CreateBindingElements()
        {
            BindingElementCollection bindingElements = base.CreateBindingElements();
            bindingElements.Add(ChannelBindingElement);
            HttpTransportBindingElement transport = newMyPseudoHttpsTransportBindingElement();
 
            transport.MaxReceivedMessageSize = 2147483647;
            transport.MaxBufferSize = 2147483647;
 
            TransportSecurityBindingElement security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();
            security.IncludeTimestamp = true;
           
            TextMessageEncodingBindingElement element = newTextMessageEncodingBindingElement();
            bindingElements.Add(security);
            bindingElements.Add(element);
            bindingElements.Add(transport);
            return
 bindingElements;
        }
    }


Thanks

Gautham
0
Comment
Question by:Gautham Janardhan
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:politex
ID: 35227657
Hi, as i know insecure transport is default for  silverlight (securityMode=None), so you don't need any special parameter.
0
 
LVL 29

Assisted Solution

by:Gautham Janardhan
Gautham Janardhan earned 0 total points
ID: 35229408
thats true , but if you security is user name over transport, this needs an https transport,
In this scrnario in windows/console application there is a option to set AllowInsecureTransport to true so we can use user name over transport using an http transport.

Hope i'm clear
0
 
LVL 3

Expert Comment

by:politex
ID: 35229549
for this behavior in silverlight's BasicHttpSecurityMode is
"TransportCredentialOnly" - This mode provides only HTTP-based client authentication. It does not provide message integrity or confidentiality.
msdn
0
 
LVL 29

Accepted Solution

by:
Gautham Janardhan earned 0 total points
ID: 35229595
if i'm correct TransportWithMessageCredential works with Windows Authentication and not with Custom user name validator.
0
 
LVL 29

Author Closing Comment

by:Gautham Janardhan
ID: 35499750
This cant be done in SL
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question