Afzal Ahmed Khan
Hi
I managed to use TransportWithMessageCredential security configured with ASP.Net membership provider using user name token; service hosted in IIS with SSL. Here is my config file
<connectionStrings>
<clear/>
<add name="LocalSqlServer" connectionString="server=.;database=MyMemDB;uid=sa;pwd=sql"/>
</connectionStrings>
<system.serviceModel>
<services>
<service name="EmployeeHost.EmployeeManager" behaviorConfiguration="MembershipBehavior">
<host>
<baseAddresses>
<add baseAddress="http://localhost:1111/EmployeeService"/>
<add baseAddress="https://localhost:2222/EmployeeService"/>
</baseAddresses>
</host>
<!-- Operation EndPoints-->
<endpoint bindingConfiguration="basicsecbindingconf" address="HttpEndPoint" binding="basicHttpBinding" contract="EmployeeHost.IEmployee"
/>
<!-- MEX EndPoints-->
<endpoint address="HttpMex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors >
<behavior name="MembershipBehavior" >
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="AspNetSqlMembershipProvider"/>
</serviceCredentials>
<serviceMetadata httpGetUrl="HttpGet" httpGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="basicsecbindingconf">
<security mode="TransportWithMessageCredential">
<message clientCredentialType ="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
this works fine . but I have two issues
1) When I change the security mode to message i.e now the combination is message security + username token, I get an error
"The ChannelDispatcher at 'http://localhost:1111/EmployeeService/HttpEndPoint' with contract(s) '"EmployeeManager"' is unable to open its IChannelListener"
So in short message security is not working with username token. Why is that
2) The ASP.Net membership & role providers work only when the service is configured in IIS right . What if I am using the netTcpBinding; service hosted in a non web application e.g. a windows application. Is there any way of database authentication when ASP.Net membership provider is not usable I'll really appreciate if some code and/or config settings are provided.