Secure IIS-Hosted WCF-Service and use it in Xamarin.Forms

Question

I have an IIS-hosted WCF-service-application running on IIS-10. The WCF is already running on https. My problem is that the service is currently accessible to everybody over the link that I have configured on IIS.  The WCF is meant to transfer data between my Xamarin.Forms-App and a SQL-Database. I want to know how I can make my service secure over authentication(username, password?) or something like that, and how I can authenticate in Xamarin.Forms to "open" the connection. 

I haven't found anything matching my case on Google, so maybe you can help me solve my problem. 

Answer 1

You may use Multiple Authentication Schemes with WCF for Authentication. For IIS-hosted services, authentication can be set accordingly based on what is selected in IIS.

The element ServiceAuthenticationBehavior or <serviceAuthenticationManager> is used for authentication service. This article has a more detailed explanation.

ServiceAuthenticationBehavior sab = null;  
sab = serviceHost.Description.Behaviors.Find<ServiceAuthenticationBehavior>();  
  
if (sab == null)  
{  
    sab = new ServiceAuthenticationBehavior();  
    sab.AuthenticationSchemes = AuthenticationSchemes.Basic | AuthenticationSchemes.Negotiate | AuthenticationSchemes.Digest;  
    serviceHost.Description.Behaviors.Add(sab);  
}  
else  
{  
     sab.AuthenticationSchemes = AuthenticationSchemes.Basic | AuthenticationSchemes.Negotiate | AuthenticationSchemes.Digest;  
}  

And use element <serviceAuthenticationManager> in config file:

<behaviors>  
      <serviceBehaviors>  
        <behavior name="limitedAuthBehavior">  
          <serviceAuthenticationManager authenticationSchemes="Negotiate, Digest, Basic"/>  
          <!-- ... -->  
        </behavior>  
      </serviceBehaviors>  
</behaviors>  

You could read the article about Authentication of Xamarin.Forms for more help.