What is basic authentication in the web service

Transport security with basic authentication

  • 2 minutes to read

The following figure shows a Windows Communication Foundation (WCF) service and client. The server requires a valid X.509 certificate that can be used for Secure Sockets Layer (SSL), and the clients must trust the server's certificate. In addition, the web service already has an implementation of SSL that you can use. For more information about how to enable Basic Authentication for Internet Information Services (IIS), see /iis/configuration/system.webserver/security/authentication/basicauthentication.

characteristicDESCRIPTION
Safety modetransport
InteroperabilityWith existing web service clients and services
Authentication (server)

Authentication (client)
Yes (using HTTPS)

Yes (using username / password)
integrityYes
confidentialityYes
transportHTTPS
bindingWSHttpBinding

service

The following code and configuration run independently. Do one of the following:

  • Create a separate service by using the code with no configuration.

  • Create a service with the configuration provided, but do not define endpoints.

code

The following code shows how to create a service endpoint that uses a username and password for the Windows domain to ensure transmission security. Note that the service requires an X.509 certificate to authenticate the client. For more information, see Working with Certificates and How to: Configure a Port with an SSL Certificate.

configuration

The following code configures a service to use Basic authentication with transport-level security:

Client

code

The following code shows the client code that includes the username and password. Note that the user must provide a valid Windows user name and password. The code to return the username and password is not shown here. Use a dialog box or other UI element to get the information from the user.

Note

You can only set the username and password by using code.

configuration

The following code shows the client configuration.

Note

You cannot use the configuration to set the username and password. The configuration shown here needs to be expanded using code to set the username and password.

additional Information