Solved

Allow insecure transport in Silverlight 4.0

Posted on 2011-03-23
5
1,027 Views
Last Modified: 2013-11-12
Hi,

I'm trying to use UserNamePasswordValidator for custom validation of user name and password in a wcf service call from Silverlight 4.0 by using custom binding, Http transport with TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement  and Allow insecure transport set to ture.

Is this possible in SL 4.0?  I know this can be done between a windows console application and the service. But in SL i cant find the Allow insecure transport attribute on TransportSecurityBindingElement

Server Config

    <bindings>
      <customBinding>
        <binding name="InsecureCredentials">
          <security authenticationMode="UserNameOverTransport" allowInsecureTransport="true" />
          <textMessageEncoding messageVersion="Soap11" />
          <httpTransport />
        </binding>
      </customBinding>
    </bindings>


Client Custom Binding


public class CustomHttpMessageInspectorBinding : CustomBinding
    {
 
        public CustomHttpMessageInspectorBinding()
        {
 
        }
 
        public CustomHttpMessageInspectorBinding(IClientMessageInspector messageInspector)
        {
            ChannelBindingElement = newMessageInspectorBindingElement();
            ChannelBindingElement.MessageInspector = messageInspector;
        }
 
        publicMessageInspectorBindingElement ChannelBindingElement
        {
            get;
            set;
        }
 
        publicoverrideBindingElementCollection CreateBindingElements()
        {
            BindingElementCollection bindingElements = base.CreateBindingElements();
            bindingElements.Add(ChannelBindingElement);
            HttpTransportBindingElement transport = newMyPseudoHttpsTransportBindingElement();
 
            transport.MaxReceivedMessageSize = 2147483647;
            transport.MaxBufferSize = 2147483647;
 
            TransportSecurityBindingElement security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();
            security.IncludeTimestamp = true;
           
            TextMessageEncodingBindingElement element = newTextMessageEncodingBindingElement();
            bindingElements.Add(security);
            bindingElements.Add(element);
            bindingElements.Add(transport);
            return
 bindingElements;
        }
    }


Thanks

Gautham
0
Comment
Question by:Gautham Janardhan
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:politex
ID: 35227657
Hi, as i know insecure transport is default for  silverlight (securityMode=None), so you don't need any special parameter.
0
 
LVL 29

Assisted Solution

by:Gautham Janardhan
Gautham Janardhan earned 0 total points
ID: 35229408
thats true , but if you security is user name over transport, this needs an https transport,
In this scrnario in windows/console application there is a option to set AllowInsecureTransport to true so we can use user name over transport using an http transport.

Hope i'm clear
0
 
LVL 3

Expert Comment

by:politex
ID: 35229549
for this behavior in silverlight's BasicHttpSecurityMode is
"TransportCredentialOnly" - This mode provides only HTTP-based client authentication. It does not provide message integrity or confidentiality.
msdn
0
 
LVL 29

Accepted Solution

by:
Gautham Janardhan earned 0 total points
ID: 35229595
if i'm correct TransportWithMessageCredential works with Windows Authentication and not with Custom user name validator.
0
 
LVL 29

Author Closing Comment

by:Gautham Janardhan
ID: 35499750
This cant be done in SL
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A theme is a collection of property settings that allow you to define the look of pages and controls, and then apply the look consistently across pages in an application. Themes can be made up of a set of elements: skins, style sheets, images, and o…
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now