Password protect WCF Service hosted on IIS7 public internet

I have a simple WCF service that I want to publish to the public internet via IIS 7. My original plan was to publish the service to iis and turn on WIndows Authentication.

But I was reading some articles on the internet about doing such a thing and it was not advised. Instead some were suggesting that you use a x509 certificate. This did not look too appealing because the amount of configuration that was needed. And does this mean that the persons consuming the service will need a certificate as well?

I just want to simply give out the url of the service along with a username and password for each user and that be that.

What is the easiest (but secure) way to accomplish this task?
LVL 1
dpbouchardAsked:
Who is Participating?
 
dpbouchardConnect With a Mentor Author Commented:
I resolved this issue by using a local user account to the server itself in addition to adding a ssl certificate. Thanks for the help!
0
 
Nathan BoveSoftware EngineerCommented:
You can do one of two methods.  You can either have all of your methods also take username and password parameters.  Or you can set up an authentication service that takes a user name and password and issues an authentication token back.  Then your methods just have to take the authentication token as a parameter.
0
 
dpbouchardAuthor Commented:
Not exactly what I was looking for. I am looking for some way to just put authentication on the website or the folder itself to that IIS will issue a 401 requesting authentication.

I am pretty sure I can enable Windows Authentication and make this work. I am just told that it is not very secure.

Any ideas?
0
 
dpbouchardAuthor Commented:
Resolved issue
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.