My WCF Service is complete with .NET 3.5 and I used wsHttpBinding while implementing my service.
For .NET 3.5 clients, there were no problems, but .NET 2.0 and Java Clients had issues in wsHttpBinding.
So I added a new endpoint with basicHttpBinding with similar security as wsHttpBinding with following criteria in mind:
- I would like to use Custom Username/PasswordValidation, while Transport Security is enabled.
- Windows authentication is not possible.
- I would rather not to add custom Headers to the SOAP messages for authentication.
My basicHttpBinding Configuration is:
<basicHttpBinding>
<binding name="MyService.basicSecureBinding">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None"/>
<message clientCredentialType="UserName" algorithmSuite="Basic128"/>
</security>
</binding>
</basicHttpBinding>
and in ServiceBehavior Custom UsernameValidator Class is declared.
But it seems that "TransportWithMessageCredential" cannot be used from .NET 2.0 clients and in order to enable custom username validation, Message security is necessary.
Do you have any suggestions or references to solve this issue?