I want to authenticate a client while consuming a Web service. I see a property exposed in the Client called ClientCredential in which we can pass username and password. How can I pass this information to my WCF web service and how can i authenticate the user ID and password?
A:
If you want to use the ClientCredential with Username / Password, you need to configure that in the client side app.config like this - either use transport or message security, whichever works for you, and then specify
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="UserNameSecurity">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>
and then you need to use this binding configuration "UserNameSecurity" in your endpoint on the client:
<client>
<endpoint address="http://localhost:8888/MyService"
binding="basicHttpBinding" bindingConfiguration="UserNameSecurity"
contract="IMyService" />
On the server side, you need to define how to authenticate the user - either using Windows (Active Directory Domain), or using the ASP.NET membership providers (and their associated user database):
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="Default">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
In this case, your username/password will be checked against the ASP.NET membership database.
If this is all on an intranet, internally in a company, I would however rather use the integrated Windows security all around - it's much easier to setup and use, and more reliable and secure. But it only works inside the company, inside the corporate firewalls.
Marc
marc_s
2009-07-29 13:48:57