Message Security in WCF
There are two types of security in WCF: the security of the data, and the security of the medium through which the message travels.
Data security is achieved with message security. Security of the medium through which the message travels, which is protocol security, is achieved with transport-level security.
In this article I describe how to achieve message-level security. There are different types of client credential, and message security is achieved using one of them. I am using wsHttpBinding to achieve message-level security.
Types of client credential in message security
5. Issued token
In this example I am using the username client credential.
Following are the steps to implement message security using the username client credential:
Create a class that inherits from the UserNamePasswordValidator class, which is found in the System.IdentityModel.Selectors namespace. Override the Validate method and verify the username and password in it.
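using System.IdentityModel.Selectors; using System.ServiceModel;
public class Credentioal : UserNamePasswordValidator {
    public override void Validate(string userName, string password) {
        // Accept the expected pair; reject everything else with a fault.
        if (userName == "isha" && password == "isha123") return;
        throw new FaultException("Wrong userid and pwd");
    }
}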
Go to your web.config file, customize the binding, and add message security with the username client credential.
Now create the service tag and attach this binding with the bindingConfiguration attribute, as follows:
<endpoint address="" binding="wsHttpBinding" contract="IService" bindingConfiguration="sec" >
To implement message-level security we need a security certificate. Go to the Start button, type inetmgr, and choose Server Certificates.
Now create the server certificate: from the left panel choose Create Self-Signed Certificate and give it a proper name. I named my certificate isha.
Now you can see your certificate in the list.
Now go to your web.config file again and add this certificate and the credential class to it:
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Credentioal, App_Code"/>
<!-- To avoid disclosing metadata information, set the value below to false before deployment -->
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
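The configuration steps above, assembled into one system.serviceModel section as an added example (this is not the article's original web.config). The binding name sec, the contract IService and the validator type come from the article; the service name, behavior name, certificate store settings and the findValue placeholder are assumptions.

```xml
<!-- Added example: values marked "assumed" are not from the article. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <!-- "sec" is the name the endpoint's bindingConfiguration refers to -->
      <binding name="sec">
        <security mode="Message">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <!-- service name and behavior name are assumed -->
    <service name="Service" behaviorConfiguration="secBehavior">
      <endpoint address="" binding="wsHttpBinding" contract="IService"
                bindingConfiguration="sec" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="secBehavior">
        <serviceCredentials>
          <!-- placeholder findValue; store location and name are assumed -->
          <serviceCertificate findValue="CERT_SUBJECT_PLACEHOLDER"
                              storeLocation="LocalMachine" storeName="My"
                              x509FindType="FindBySubjectName" />
          <userNameAuthentication userNamePasswordValidationMode="Custom"
              customUserNamePasswordValidatorType="Credentioal, App_Code" />
        </serviceCredentials>
        <!-- enable metadata only while generating the client reference -->
        <serviceMetadata httpGetEnabled="false" />
        <!-- keep exception details out of faults in deployment -->
        <serviceDebug includeExceptionDetailInFaults="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```

Replace the findValue placeholder with the subject of your own certificate; the name typed in IIS Manager is the certificate's friendly name, which can differ from its subject.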
Now execute your service.
Now create your client application, add a reference to the service, and use the following credentials:
public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        ServiceReference1.ServiceClient sv = new ServiceReference1.ServiceClient();
        // Set the username credential on the proxy before calling the service.
        sv.ClientCredentials.UserName.UserName = "isha";
        sv.ClientCredentials.UserName.Password = "isha123";
    }
}
If you do not pass the credentials, or pass the wrong credentials, the call will simply give you an error.
Hope you enjoyed the article