views: 305

answers: 3

Hi there,
My client on server A calls a service on B, which calls a service on C.
In order to get the call working from B->C I have to do this:

channel.Credentials.Windows.ClientCredential = 
   new System.Net.NetworkCredential("WndowsUserName", "WindowsPassWord");  
IService1 service = channel.CreateChannel();

etc...

The user name and password are the Windows credentials used from A->B. Of course I do not want to hardcode this, so how can I do this without hardcoding?

I tried, with no luck:

WindowsIdentity callerWindowsIdentity = 
    ServiceSecurityContext.Current.WindowsIdentity;  
using (callerWindowsIdentity.Impersonate())

A: 

Perhaps the class

System.Net.CredentialCache

could be helpful ... It has the DefaultCredentials and DefaultNetworkCredentials properties that you can use. Of course, you will have to make sure that your application runs under the credentials that you want (that is, the credentials of the current user). This can be done by calling

AppDomain.CurrentDomain.SetPrincipalPolicy (PrincipalPolicy.WindowsPrincipal);

at the start of your program.

Then, when you initialize the WCF service, you can use the DefaultNetworkCredentials provided by the CredentialCache.

channel.Credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
IService1 service = channel.CreateChannel();

Frederik Gheysels

+1  A: 

Use

System.Net.CredentialCache.DefaultNetworkCredentials

property. It represents the authentication credentials for the current security context in which the application is running. Details can be found here.

malay
DefaultNetworkCredentials has all empty properties when I run it in the client app and from inside my service!?! And that link is in Chinese :)

A: 

It seems to be a "double hop" authentication problem. In short, NTLM doesn't allow more than one "hop" with its credentials (token). So the user authenticates on server 1 with its token, and in turn, server 1 tries to send the token to server 2. This won't work, unless Kerberos delegation is allowed between server 1 and 2.

More details here: http://weblogs.asp.net/owscott/archive/2008/08/22/iis-windows-authentication-and-the-double-hop-issue.aspx
And here: http://blogs.msdn.com/nunos/archive/2004/03/12/88468.aspx

mathieu
Does the same apply when hosting in a console app? I'm guessing yes as that is what I'm doing! So if using Windows Authentication is the workaround what I am doing, i.e. use a different user's account information to go past the first hop?

Yes, it applies. An NTLM token can only "do" one hop. If you want to allow more hops, you have to use Kerberos delegation to "allow" one server to transmit the token it has to another server.
mathieu
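
One way to make the B->C hop work once Kerberos delegation is in place, as an added example that is not code from any of the posts above: A permits delegation on its channel, and B checks that the caller's token is actually delegable before impersonating and calling C. It assumes B's account is trusted for delegation in Active Directory and that Kerberos is negotiated on both hops; the endpoint names, the class names and the GetData operation are hypothetical.

```csharp
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IService1            // name from the question; GetData is assumed
{
    [OperationContract] string GetData();
}

public class ServiceOnB : IService1   // hypothetical service hosted on B
{
    public string GetData()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        WindowsIdentity caller = ctx == null ? null : ctx.WindowsIdentity;

        // An NTLM token, or a Kerberos token below Delegation level, is only
        // usable on B itself. Fail here with a clear reason instead of letting
        // the call to C fail with an anonymous or access-denied error.
        if (caller == null || caller.ImpersonationLevel != TokenImpersonationLevel.Delegation)
            throw new FaultException("Caller token cannot be delegated to C (auth: "
                + (caller == null ? "none" : caller.AuthenticationType) + ").");

        using (caller.Impersonate())  // outbound call now carries A's identity
        {
            // "ServiceC" is an assumed endpoint name in B's configuration.
            var factory = new ChannelFactory<IService1>("ServiceC");
            IService1 c = factory.CreateChannel();
            try
            {
                string result = c.GetData();
                factory.Close();
                return result;
            }
            catch { factory.Abort(); throw; }
        }
    }
}

public static class ClientOnA         // hypothetical client on A
{
    public static IService1 Connect()
    {
        // "ServiceB" is an assumed endpoint name in A's configuration.
        var factory = new ChannelFactory<IService1>("ServiceB");
        // Default is Identification; B cannot forward the token unless A allows Delegation.
        factory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Delegation;
        return factory.CreateChannel();
    }
}
```

If the fault reports NTLM as the authentication type, the A->B hop fell back from Kerberos, which usually points at a missing or duplicate SPN for the account B runs under.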