What is the least resistance approach for enabling WCF username security in a development environment that utilizes Cassini that will allow us to configure that same solution using TransportWithMessageCredential in production?
We have already gotten this to work in a distributed environment where the hosting server has SSL enabled.
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
However, this won't work in Cassini (Visual Studio's Web server) because it requires SSL. From what I have re开发者_运维技巧ad, WCF intentionally prevents you from transmitting username/password in plain text.
This leaves me with Message security using an X509 certificate or TransportWithMessage security using local IIS and attaching the debugger to w3wp.exe. Both solutions will result in developers spending additional time setting up and troubleshooting (compared to the unsecured solution that runs immediately after checking out and compiling).
I want something that can be checked out, built, and run with minimal effort.
There is additional solution - install IIS express and use it instead of Cassini. That will allow you to use the same configuration with self signed certificate for development (IIS Express supports HTTPS).
精彩评论