Hi Team,
I am developing a sample WCF service with security. As I am new to WCF, I just want to establish a connection through username and password (Note: no need of SSL certificate).

I am using the following code,

In service the code is

The interface contains the code,
namespace WcfService
{
    public interface IWcfService
    {
        string GetData();
    }
}

the inherited class has
namespace WcfService
{
    public class WcfService : IWcfService
    {
        public string GetData()
        {
            return "Sample Service";
        }
    }

    public class CustomValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            if (userName == "manikandan" && password == "manikandan")
            {
                // (body not included in the post)
            }
        }
    }
}
The web.config in the service is

<service behaviorConfiguration="WcfService.WcfServiceBehavior" name="WcfService.WcfService">
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" contract="WcfService.IWcfService">
        <identity>
            <dns value="localhost"/>
        </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
<behavior name="WcfService.WcfServiceBehavior">
    <serviceMetadata httpGetEnabled="true"/>
    <serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
<binding name="MyBinding">
    <security mode="None">
        <message clientCredentialType="UserName"/>
    </security>
</binding>

And I am consuming the service in the web application as follows.
I am just adding the service reference and invoking the service using the following code,
ServiceReference1.WcfServiceClient client = new ServiceReference1.WcfServiceClient();
client.ClientCredentials.UserName.UserName = "manikandan";
client.ClientCredentials.UserName.Password = "manikandan";
string state = client.State.ToString();
string val = client.GetData();
txtEmpId.Text = val;

where ServiceReference1 is the name for my service

Could you guys see the code and tell me what mistake I made? I placed the debugger on every method; the CustomValidator is not firing, so it is not authenticated. How can I secure it with just a username and password, without a certificate?
Thanks in advance.
Updated 25-Jul-13 1:22am

1 solution

The whole idea is wrong. Hard-coding a password simply makes no sense and is totally unsafe. More generally, storing passwords anywhere is unsafe. This is not how password-based security works. If you think that comparing with a password is needed for authentication, think again. Absolutely not.

Surprised? Disagree? Then please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it,
Decryption of Encrypted Password,
storing password value int sql server with secure way.

Good luck,
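
One common way to authenticate without hard-coding or storing the password, shown here as an added example that is not the poster's or the answerer's code: the validator keeps a per-user salt and a PBKDF2-derived key and compares derived keys. `HashingValidator`, `StoredCredential`, `Enroll` and the in-memory store are hypothetical names, and the four-argument `Rfc2898DeriveBytes` constructor assumes .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
namespace WcfService
{
    // Hypothetical record: what the credential store holds instead of a password.
    public sealed class StoredCredential
    {
        public byte[] Salt, Hash;
        public int Iterations;
    }
    public class HashingValidator : UserNamePasswordValidator
    {
        // Constructed in-memory store; a real service would read this from its database.
        private static readonly Dictionary<string, StoredCredential> Store = new Dictionary<string, StoredCredential>();

        // Enrolment keeps only a random salt and the derived key, never the password.
        public static void Enroll(string userName, string password, int iterations = 100000)
        {
            var salt = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
            Store[userName] = new StoredCredential
                { Salt = salt, Iterations = iterations, Hash = Derive(password, salt, iterations) };
        }

        public override void Validate(string userName, string password)
        {
            StoredCredential c = null;
            if (userName == null || password == null || !Store.TryGetValue(userName, out c)
                || !FixedTimeEquals(Derive(password, c.Salt, c.Iterations), c.Hash))
                throw new SecurityTokenException("Unknown user name or incorrect password.");
        }

        private static byte[] Derive(string password, byte[] salt, int iterations)
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
                return kdf.GetBytes(32);
        }
        // Compares every byte so the timing does not reveal where the first mismatch is.
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            int diff = a.Length ^ b.Length;
            for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
}
```

WCF only calls a `UserNamePasswordValidator` when the binding's security mode actually carries the credentials and the service behavior sets `userNamePasswordValidationMode="Custom"` with `customUserNamePasswordValidatorType`; the posted binding uses `security mode="None"`. An unknown user name is rejected here without running the key derivation, so the response time differs from a wrong password for a known user.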

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
