We've got a WCF-REST service running on http://www.domain.com/service.svc. An external company is making calls towards this webservice and since sensitive data can be transmitted we want the service to run under SSL and use Basic Authentication.
We've got the SSL running, but we've got an issue with the Basic Authentication. The web.config looks like this;
<behaviors>
<endpointBehaviors>
<behavior name="REST">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<webHttpBinding>
<binding name="webBindingMobile">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</webHttpBinding>
<services>
<service name="Website.Mobile.Webservice">
<endpoint address="" behaviorConfiguration="REST" binding="webHttpBinding" contract="Website.PaymentProxy.Services.Proxy.IProxyClientInterface" bindingConfiguration="webBindingMobile" />
</service>
<service name="Website.Mobile.ShoppingCartService">
<endpoint address="" behaviorConfiguration="REST" binding="webHttpBinding" contract="Website.PaymentProxy.Services.Proxy.Cart.Interfaces.IShoppingCartService" bindingConfiguration="webBindingMobile" />
</service>
</services>
What we want is just a simple username and password (preferably) stored in the web.config. The company making the calls to our webservice should then enter these credentials in their code to be able to make calls to our service. How can we configure this?
