If you have ever set up a set of WCF services and tried to have them communicate across physical machines, you know that out of the box this is not ‘possible’ due to security constraints. But it is 100% possible to set up your services to communicate in a pure ‘open’ manner, and in fact it is dead simple to do this. Now, before anyone starts jumping down my throat, I completely understand that setting up WCF to communicate in an ‘anonymous’ way with no direct security can be a bad thing, but there are times/situations where this is acceptable.
In order to set up clear/anonymous communication you need to make changes to both the service-side settings and the client-side settings.
First, let's take a look at what is needed on the service side.
-- Server settings --
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="Custom.WSHTTPBinding.Configuration"
               maxBufferPoolSize="655360"
               maxReceivedMessageSize="655360">
        <security mode="None"/>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="Custom.ServiceBehavior"
             name="Custom.CommonEndpoints.Domain.Resources">
      <endpoint address=""
                binding="wsHttpBinding"
                name="Custom.WSHTTPBinding.Configuration"
                bindingConfiguration="Custom.WSHTTPBinding.Configuration"
                contract="Custom.CommonEndpoints.Domain.IResources">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
      <!-- WE DO NOT WANT THIS TURNED ON FOR PRODUCTION
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      -->
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="Custom.ServiceBehavior">
        <serviceMetadata httpGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="true" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
What are the settings above telling you?
- We have a custom wsHttpBinding section. In this section the item to pay attention to is the <security mode="None"/> setting. This tells WCF to use neither transport nor message security, so the data is sent in clear text with no client authentication.
- For each of our services we have turned off the mex endpoint. This will not allow our service to be discovered and have its metadata exchanged (we are using shared assemblies with our contracts).
- Each of our services uses the custom wsHttpBinding configuration we created.
Now that we have seen what is needed on the service side, we need to take a look at what is needed on the client side.
-- client settings --
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="Custom.WSHTTPBinding.Configuration"
               closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00"
               sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false"
               hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288"
               maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8"
               useDefaultWebProxy="true" allowCookies="false">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <reliableSession ordered="true" inactivityTimeout="00:10:00"
                         enabled="false" />
        <security mode="None">
          <transport clientCredentialType="Windows" proxyCredentialType="None"
                     realm="">
            <extendedProtectionPolicy policyEnforcement="Never" />
          </transport>
          <message clientCredentialType="Windows" negotiateServiceCredential="true"
                   establishSecurityContext="true" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="http://SOMESERVERNAME:9997/Custom/Services/Resources"
              binding="wsHttpBinding" bindingConfiguration="Custom.WSHTTPBinding.Configuration"
              contract="IResources" name="Custom.WSHTTPBinding.Configuration">
      <identity>
        <dns value="localhost" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
- We have another wsHttpBinding section, and again its security mode is set to None: <security mode="None"/>
Well, from the client’s perspective that was easy :)
As you can see, setting up WCF to allow clear communication is easy and pretty straightforward. I do want to mention that you should ONLY do this if you know what you are doing and you are not exposing these services to the public. Of course, if you are exposing these services to the public you MUST provide some layer of security on these services.
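Two of the settings in the configuration above deserve a second look from a defender's side: the mex endpoint is commented out, but serviceMetadata httpGetEnabled="true" still publishes the WSDL over HTTP GET, and serviceDebug includeExceptionDetailInFaults="true" returns server exception details to any caller. The script below is an added example, not code from the original post, that audits a WCF app.config/web.config for these settings. It reports every binding whose effective security mode is None (it also covers basicHttpBinding, whose default is None when no security element is present, which the post does not discuss), every service or client endpoint that references such a binding, any published mex endpoint, and the two behavior settings. The embedded sample config is constructed to mirror the post's service-side settings; the finding texts and severities are my own choices.

```python
"""Audit a WCF configuration for bindings that disable security and for
settings that expose metadata or exception details.
Added example, not code from the original post."""
import xml.etree.ElementTree as ET

# Security mode WCF applies when a <binding> has no <security mode="..."> element.
# basicHttpBinding defaults to None, so a bare binding of that type is clear text too.
DEFAULT_MODE = {
    "basicHttpBinding": "None",
    "wsHttpBinding": "Message",
    "wsDualHttpBinding": "Message",
    "netTcpBinding": "Transport",
}

# Constructed sample modelled on the post's service-side configuration
# (with the mex endpoint left enabled so the audit has something to flag).
SAMPLE_CONFIG = """<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="Custom.WSHTTPBinding.Configuration">
          <security mode="None"/>
        </binding>
        <binding name="Secured">
          <security mode="Transport"/>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="Custom.ServiceBehavior"
               name="Custom.CommonEndpoints.Domain.Resources">
        <endpoint address="" binding="wsHttpBinding"
                  bindingConfiguration="Custom.WSHTTPBinding.Configuration"
                  contract="Custom.CommonEndpoints.Domain.IResources"/>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="Custom.ServiceBehavior">
          <serviceMetadata httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>"""


def effective_mode(binding_type, binding_el):
    """Security mode a <binding> element actually gets: the explicit mode, or the type's default."""
    sec = binding_el.find("security")
    if sec is None or sec.get("mode") is None:
        return DEFAULT_MODE.get(binding_type, "unknown")
    return sec.get("mode")


def audit(xml_text):
    """Return a list of (severity, message) findings for the given config XML."""
    root = ET.fromstring(xml_text)
    findings = []
    insecure = set()  # (binding type, bindingConfiguration name) pairs whose mode is None

    # 1. Binding sections whose effective security mode is None.
    for btype in DEFAULT_MODE:
        for section in root.iter(btype):
            for b in section.findall("binding"):
                name = b.get("name", "")
                if effective_mode(btype, b).lower() == "none":
                    insecure.add((btype, name))
                    findings.append(("high", f"binding {btype}/{name or '(default)'}: "
                                     "security mode None, traffic is clear text and unauthenticated"))

    # 2. Endpoints (service or client side) that use such a binding, plus mex endpoints.
    def check_endpoint(owner, ep):
        btype = ep.get("binding", "")
        cfg = ep.get("bindingConfiguration", "")
        if (btype, cfg) in insecure or (not cfg and DEFAULT_MODE.get(btype) == "None"):
            findings.append(("high", f"{owner} endpoint '{ep.get('address', '')}' "
                             f"({ep.get('contract', '?')}) uses an unsecured {btype}"))
        if btype == "mexHttpBinding":
            findings.append(("medium", f"{owner}: metadata exchange endpoint published at "
                             f"'{ep.get('address', '')}'"))

    for svc in root.iter("service"):
        for ep in svc.findall("endpoint"):
            check_endpoint(f"service {svc.get('name', '?')}", ep)
    for client in root.iter("client"):
        for ep in client.findall("endpoint"):
            check_endpoint("client", ep)

    # 3. Behaviors that publish WSDL over HTTP GET or leak exception details in faults.
    for bhv in root.iter("behavior"):
        meta = bhv.find("serviceMetadata")
        if meta is not None and meta.get("httpGetEnabled", "false").lower() == "true":
            findings.append(("medium", f"behavior {bhv.get('name', '?')}: httpGetEnabled=true, "
                             "WSDL is still retrievable over HTTP GET even without a mex endpoint"))
        dbg = bhv.find("serviceDebug")
        if dbg is not None and dbg.get("includeExceptionDetailInFaults", "false").lower() == "true":
            findings.append(("medium", f"behavior {bhv.get('name', '?')}: includeExceptionDetailInFaults=true, "
                             "server exception details are returned to callers"))
    return findings


if __name__ == "__main__":
    for severity, msg in audit(SAMPLE_CONFIG):
        print(f"[{severity}] {msg}")
```

Run it against a real config by replacing SAMPLE_CONFIG with the file contents; the audit only reads the system.serviceModel section, so the rest of the config can be left in place. Findings are advisory: a binding with mode None on an internal, network-isolated service is exactly the situation the post describes, and the script's job is to make sure that choice is visible rather than to forbid it.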
Till next time,
Posted 03-30-2010 6:52 AM by Derik Whittaker