Solved

Allow insecure transport in Silverlight 4.0

Posted on 2011-03-23
5
1,026 Views
Last Modified: 2013-11-12
Hi,

I'm trying to use UserNamePasswordValidator for custom validation of user name and password in a wcf service call from Silverlight 4.0 by using custom binding, Http transport with TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement  and Allow insecure transport set to ture.

Is this possible in SL 4.0?  I know this can be done between a windows console application and the service. But in SL i cant find the Allow insecure transport attribute on TransportSecurityBindingElement

Server Config

    <bindings>
      <customBinding>
        <binding name="InsecureCredentials">
          <security authenticationMode="UserNameOverTransport" allowInsecureTransport="true" />
          <textMessageEncoding messageVersion="Soap11" />
          <httpTransport />
        </binding>
      </customBinding>
    </bindings>


Client Custom Binding


public class CustomHttpMessageInspectorBinding : CustomBinding
    {
 
        public CustomHttpMessageInspectorBinding()
        {
 
        }
 
        public CustomHttpMessageInspectorBinding(IClientMessageInspector messageInspector)
        {
            ChannelBindingElement = newMessageInspectorBindingElement();
            ChannelBindingElement.MessageInspector = messageInspector;
        }
 
        publicMessageInspectorBindingElement ChannelBindingElement
        {
            get;
            set;
        }
 
        publicoverrideBindingElementCollection CreateBindingElements()
        {
            BindingElementCollection bindingElements = base.CreateBindingElements();
            bindingElements.Add(ChannelBindingElement);
            HttpTransportBindingElement transport = newMyPseudoHttpsTransportBindingElement();
 
            transport.MaxReceivedMessageSize = 2147483647;
            transport.MaxBufferSize = 2147483647;
 
            TransportSecurityBindingElement security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();
            security.IncludeTimestamp = true;
           
            TextMessageEncodingBindingElement element = newTextMessageEncodingBindingElement();
            bindingElements.Add(security);
            bindingElements.Add(element);
            bindingElements.Add(transport);
            return
 bindingElements;
        }
    }


Thanks

Gautham
0
Comment
Question by:Gautham Janardhan
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:politex
ID: 35227657
Hi, as i know insecure transport is default for  silverlight (securityMode=None), so you don't need any special parameter.
0
 
LVL 29

Assisted Solution

by:Gautham Janardhan
Gautham Janardhan earned 0 total points
ID: 35229408
thats true , but if you security is user name over transport, this needs an https transport,
In this scrnario in windows/console application there is a option to set AllowInsecureTransport to true so we can use user name over transport using an http transport.

Hope i'm clear
0
 
LVL 3

Expert Comment

by:politex
ID: 35229549
for this behavior in silverlight's BasicHttpSecurityMode is
"TransportCredentialOnly" - This mode provides only HTTP-based client authentication. It does not provide message integrity or confidentiality.
msdn
0
 
LVL 29

Accepted Solution

by:
Gautham Janardhan earned 0 total points
ID: 35229595
if i'm correct TransportWithMessageCredential works with Windows Authentication and not with Custom user name validator.
0
 
LVL 29

Author Closing Comment

by:Gautham Janardhan
ID: 35499750
This cant be done in SL
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Summary: Persistence is the capability of an application to store the state of objects and recover it when necessary. This article compares the two common types of serialization in aspects of data access, readability, and runtime cost. A ready-to…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now