Anonymous Application Scenario
In the anonymous scenario, the clients access the service without presenting any credentials—they are anonymous. Nevertheless, the clients and the service do require secure message transfer, impervious to tampering and sniffing. Both Internet-facing and intranet-based applications may need to provide for anonymous yet end-to-end secure access. The anonymous scenario can have any number of clients, small or large. The clients may connect over HTTP, TCP, or MSMQ.
Securing the Anonymous Bindings
The need to secure the message and the fact that the clients may
be calling over the Internet with multiple intermediaries mean that in
the anonymous scenario you should use Message security. With Message
security, you can easily satisfy both requirements by setting the
ClientCredentialType
property to
MessageCredentialType.None
. The
service needs to be configured with a certificate to secure the
message itself. For the anonymous scenario, you can use only the
WSHttpBinding
, NetTcpBinding
, and NetMsmqBinding
—a mixture of both Internet
and intranet bindings, as is required in this scenario. You cannot use
the NetNamedPipeBinding
or the
BasicHttpBinding
, as the former
does not support Message security and the latter does not support
having no credentials in the message (see Table 10-1 and Table 10-3).
Configuring the allowed bindings is done similarly to the previous scenarios. The noticeable difference is in configuring for no client credentials. For example, here’s ...
Get Programming WCF Services, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.