Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Allow insecure transport in Silverlight 4.0

Posted on 2011-03-23
5
Medium Priority
?
1,041 Views
Last Modified: 2013-11-12
Hi,

I'm trying to use UserNamePasswordValidator for custom validation of user name and password in a wcf service call from Silverlight 4.0 by using custom binding, Http transport with TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement  and Allow insecure transport set to ture.

Is this possible in SL 4.0?  I know this can be done between a windows console application and the service. But in SL i cant find the Allow insecure transport attribute on TransportSecurityBindingElement

Server Config

    <bindings>
      <customBinding>
        <binding name="InsecureCredentials">
          <security authenticationMode="UserNameOverTransport" allowInsecureTransport="true" />
          <textMessageEncoding messageVersion="Soap11" />
          <httpTransport />
        </binding>
      </customBinding>
    </bindings>


Client Custom Binding


public class CustomHttpMessageInspectorBinding : CustomBinding
    {
 
        public CustomHttpMessageInspectorBinding()
        {
 
        }
 
        public CustomHttpMessageInspectorBinding(IClientMessageInspector messageInspector)
        {
            ChannelBindingElement = newMessageInspectorBindingElement();
            ChannelBindingElement.MessageInspector = messageInspector;
        }
 
        publicMessageInspectorBindingElement ChannelBindingElement
        {
            get;
            set;
        }
 
        publicoverrideBindingElementCollection CreateBindingElements()
        {
            BindingElementCollection bindingElements = base.CreateBindingElements();
            bindingElements.Add(ChannelBindingElement);
            HttpTransportBindingElement transport = newMyPseudoHttpsTransportBindingElement();
 
            transport.MaxReceivedMessageSize = 2147483647;
            transport.MaxBufferSize = 2147483647;
 
            TransportSecurityBindingElement security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();
            security.IncludeTimestamp = true;
           
            TextMessageEncodingBindingElement element = newTextMessageEncodingBindingElement();
            bindingElements.Add(security);
            bindingElements.Add(element);
            bindingElements.Add(transport);
            return
 bindingElements;
        }
    }


Thanks

Gautham
0
Comment
Question by:Gautham Janardhan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:politex
ID: 35227657
Hi, as i know insecure transport is default for  silverlight (securityMode=None), so you don't need any special parameter.
0
 
LVL 29

Assisted Solution

by:Gautham Janardhan
Gautham Janardhan earned 0 total points
ID: 35229408
thats true , but if you security is user name over transport, this needs an https transport,
In this scrnario in windows/console application there is a option to set AllowInsecureTransport to true so we can use user name over transport using an http transport.

Hope i'm clear
0
 
LVL 3

Expert Comment

by:politex
ID: 35229549
for this behavior in silverlight's BasicHttpSecurityMode is
"TransportCredentialOnly" - This mode provides only HTTP-based client authentication. It does not provide message integrity or confidentiality.
msdn
0
 
LVL 29

Accepted Solution

by:
Gautham Janardhan earned 0 total points
ID: 35229595
if i'm correct TransportWithMessageCredential works with Windows Authentication and not with Custom user name validator.
0
 
LVL 29

Author Closing Comment

by:Gautham Janardhan
ID: 35499750
This cant be done in SL
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question