views: 48
answers: 1

We have a system where the users access a web server, the web server then calls a WCF service.

We would like the call to the WCF service to be made in the security context of the windows identity of the application pool on the web server.

What is the best way to do this? Can it be done purely through configuration in the web.config file?

Thanks

Shiraz

+4  A: 

Yes, you should be able to do this, all in config:

<system.serviceModel>
  <bindings>
     <netTcpBinding>
        <!-- The security mode and credential type live on the <security> element of the binding -->
        <binding name="WinAuth">
           <security mode="Transport">
              <transport clientCredentialType="Windows" />
           </security>
        </binding>
     </netTcpBinding>
  </bindings>
</system.serviceModel>

Of course, depending on your binding, you'd have to use a different tag under the <bindings> parent node - and of course, not all bindings support all security modes.

In your endpoint, use the appropriate binding and then just reference this config:

<endpoint name="WCFService" address="......." 
          binding="netTcpBinding"
          bindingConfiguration="WinAuth"
          contract="......" />

That should do it! And of course, if you need message security instead of transport security, you can do that, too.

In your WCF service method, you can check to see whether or not the Windows credentials have been sent over, and what they are, by checking:

ServiceSecurityContext.Current.WindowsIdentity

This will be NULL if you don't have a Windows caller, otherwise it will show who called you.

Marc

marc_s
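An added example, not code from the original question or answer, showing the service-side check the answer describes and the caveat a practitioner would want with it: after confirming that a Windows identity actually arrived, compare it against the account you expect (the web server's application pool identity) instead of trusting any authenticated Windows caller. The account name CONTOSO\WebAppPool, the contract name and the operation name are assumptions made up for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.ServiceModel;

// Added example (not from the original post). Service-side inspection of the
// Windows identity carried over a Transport/Windows-secured binding, plus an
// explicit allow-list so that only the web server's application pool account
// may call the operation. The account name below is an assumption.
[ServiceContract]
public interface IOrderService
{
    [OperationContract]
    string WhoCalledMe();
}

public class OrderService : IOrderService
{
    // Hypothetical: the application pool account the web server runs as.
    private static readonly HashSet<string> AllowedCallers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            @"CONTOSO\WebAppPool"
        };

    public string WhoCalledMe()
    {
        WindowsIdentity caller = RequireWindowsCaller();

        if (!AllowedCallers.Contains(caller.Name))
        {
            // Authenticated, but not the account we expect: refuse rather than
            // silently serving the request under an unexpected identity.
            throw new FaultException("Caller is not authorized.");
        }

        // e.g. "CONTOSO\WebAppPool via Kerberos"
        return string.Format("{0} via {1}", caller.Name, caller.AuthenticationType);
    }

    // Returns the authenticated Windows identity of the caller, or throws if
    // there is none. ServiceSecurityContext.Current is null when the binding
    // carries no security context at all; the identity is anonymous when the
    // transport was secured but no Windows credential was presented. Both
    // cases are checked because the two conditions come from different layers.
    internal static WindowsIdentity RequireWindowsCaller()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null)
        {
            throw new FaultException(
                "No security context: check the binding's <security> mode.");
        }

        WindowsIdentity identity = ctx.WindowsIdentity;
        if (identity == null || identity.IsAnonymous || ctx.IsAnonymous)
        {
            throw new FaultException("No Windows credential was presented.");
        }

        return identity;
    }
}

// Client side, run inside the ASP.NET application before the WCF call.
// WCF sends the identity of the calling thread. With ASP.NET impersonation
// enabled, GetCurrent() returns the impersonated browser user, not the
// application pool account, and that is what the service will see.
public static class CallerCheck
{
    public static string CurrentThreadIdentity()
    {
        return WindowsIdentity.GetCurrent().Name;
    }
}
```

If CallerCheck.CurrentThreadIdentity() on the web server does not return the application pool account, the binding configuration is not the problem; look at the <identity impersonate="..."> setting in the web application's web.config instead.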