is wcf ClientCredential username and password secure?

Question

I have a wcf and upload it on my host on a web farms and use this secure mode:

  <basicHttpBinding>
    <binding name="BasicHttpBinding_IHelinusSMSService">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType= "Ntlm" proxyCredentialType="None" realm="" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </basicHttpBinding>

in my client if I want to use this wcf service I must to add a my domain user name and pass.

my client codes are;

 using (var myService = new MyServiceClient())
            {
              myService.ClientCredentials.Windows.ClientCredential.UserName = "abcd";
              myService.ClientCredentials.Windows.ClientCredential.Password = "123";
           .
           .
           .
           }

if I do not use my domain user name and password I will get this error:

"The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The     
 authentication header received from the server was 'Negotiate,NTLM'."

I want to know is it secure to use my username and pass word like this and it is hackable and is secure or not ?

"because if some one can hack it it can access to all my domain host and files and .... and I will f...up"

score 0 · Answer 1 · answered Mar 11 '14 at 14:51

0

Yes. When you providing username and password, you must use transport security. Data is protected by the transport layer (https/ssl).

answered Mar 11 '14 at 14:51

Lukas Kubis

929
5
17

is wcf ClientCredential username and password secure?

1 Answers1