I want to use transport security mode with username/password authentication and SSL. It works fine with Windows authentication:
<transport clientCredentialType="Windows"/>
I found an article on MSDN that explains how to do username/password authentication with transport security mode, but a custom HTTP module is required. I am interested in why there is no default security mode like:
<transport clientCredentialType="Username"/>
I am fine with message security mode if I need username/password authentication, but if all sites use HTTPS/SSL for authentication, there shouldn't be a problem doing so in WCF.
Thanks in advance.
The question is wrongly asked. WCF allows using transport security with custom user name / password validation. Transport security modes use standardized authentication modes for the given transport protocol, and HTTP doesn't have any standardized "UserName" authentication mode. It has an equivalent mode called Basic authentication:
<security mode="Transport">
  <transport clientCredentialType="Basic" />
</security>
By default, Basic authentication expects a Windows account, but you can switch validation with a custom UserNamePasswordValidator. The problem is that this works only with self-hosted services. It doesn't work when hosting services in IIS. This is why the question is wrongly asked. The problem is not in WCF but in IIS.
When you host the service in IIS, it takes responsibility for authentication and authentication. The default module for Basic authentication in IIS supports only Windows accounts. That is the reason why you need a custom module to use non-Windows accounts.
As @Marc mentioned in a comment, you can also use the TransportWithMessageCredential security mode:
<security mode="TransportWithMessageCredential">
  <message clientCredentialType="UserName" />
</security>
In this scenario, authentication is not performed on the transport protocol. It is part of the message (it uses WS-Security's UserNameToken profile standard). You can again use a custom UserNamePasswordValidator, and this time it works for both self-hosted and IIS-hosted SOAP services (SOAP is a mandatory requirement).
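The self-hosted Basic-over-HTTPS case from the answer, as an added example (not code from the question, the answer or MSDN): a custom UserNamePasswordValidator that checks salted PBKDF2 hashes instead of Windows accounts, wired into a ServiceHost. Assumptions: .NET Framework 4.7.2 or later, references to System.ServiceModel and System.IdentityModel, and a server certificate already bound to the port; IEcho, EchoService, StoreValidator, the URL and the enrolled account are hypothetical names and constructed sample values.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract] public interface IEcho { [OperationContract] string Echo(string s); }
public class EchoService : IEcho { public string Echo(string s) { return s; } }

// Hypothetical validator: user name -> (salt, PBKDF2 hash), no Windows accounts involved.
public sealed class StoreValidator : UserNamePasswordValidator {
    readonly Dictionary<string, Tuple<byte[], byte[]>> users = new Dictionary<string, Tuple<byte[], byte[]>>();
    public void Enroll(string user, string password) {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        users[user] = Tuple.Create(salt, Derive(password, salt));
    }
    static byte[] Derive(string password, byte[] salt) {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }
    public override void Validate(string userName, string password) {
        if (userName == null || password == null) throw new SecurityTokenException("Missing credentials.");
        Tuple<byte[], byte[]> rec;
        bool known = users.TryGetValue(userName, out rec);
        // Derive even for unknown users so response time does not reveal which names exist.
        byte[] actual = Derive(password, known ? rec.Item1 : new byte[16]);
        byte[] expected = known ? rec.Item2 : new byte[32];
        int diff = 0;
        for (int i = 0; i < 32; i++) diff |= actual[i] ^ expected[i]; // no early exit on mismatch
        if (!known || diff != 0) throw new SecurityTokenException("Unknown user name or incorrect password.");
    }
}

public static class Program {
    public static void Main() {
        var validator = new StoreValidator();
        validator.Enroll("alice", "constructed-demo-password"); // constructed sample account
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
        var host = new ServiceHost(typeof(EchoService), new Uri("https://localhost:8443/echo"));
        host.AddServiceEndpoint(typeof(IEcho), binding, "");
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = validator;
        host.Open(); Console.ReadLine(); host.Close();
    }
}
```

For the TransportWithMessageCredential variant, construct the binding with BasicHttpSecurityMode.TransportWithMessageCredential and set binding.Security.Message.ClientCredentialType to BasicHttpMessageCredentialType.UserName; the validator and the two Credentials lines stay the same.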