No Security Scenario
In this last scenario, your application turns off security completely. The service does not rely on any transfer security, and it does not authenticate or authorize its callers. Obviously, such a service is completely exposed, and you generally need a very good business justification for relinquishing security. Both Internet and intranet services can be configured for no security, and they can accept any number of clients.
Unsecuring the Bindings
To turn off security, you need to set the transfer security mode to None. This will also avoid storing any client credentials in the message. All bindings support no transfer security (see Table 10-1).
Configuring the allowed bindings is done similarly to the previous scenarios, except
the transfer security mode is set to None. For example, here's how to configure the
NetTcpBinding
programmatically:
NetTcpBinding binding = new NetTcpBinding(SecurityMode.None
);
And here's how to do this using a config file:
<bindings> <netTcpBinding> <binding name = "NoSecurity"> <security mode = "None"/> </binding> </netTcpBinding> </bindings>
Authentication
No client authentication is done in this scenario, and the client does not need to provide any credentials to the proxy. Nor does the client ever authenticate the service.
Authorization
Since the clients are anonymous (and unauthenticated), authorization and role-based
security are precluded. WCF will automatically set the PrincipalPermissionMode
property to PrincipalPermissionMode.None
Get Programming WCF Services, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.