Silverlight client identity not always passed to server?

Question

I have a Silverlight client that has some problems talking to the server it originates from via a WCF basicHttpBinding. The service configuration is as follows:

<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="silverlightBinding">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="MyServices.ImportService">
      <endpoint address="" binding="basicHttpBinding"
                contract="MyServices.IImportService"
                bindingConfiguration="silverlightBinding" />
    </service>
  </services>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
</system.serviceModel>

The server is an IIS6 web server that is configured to use integrated authentication. The application pool identity is a domain account.

Now some calls from the Silverlight client to the web server include the client identity (the domain user that accesses the client) and some do not! I have included a part of the IIS log to show this:

2009-12-09 14:10:00 W3SVC1490499214 10.0.0.113 GET /ClientBin/MySLApp.xap - 80 BROWNIE\TestUser 10.0.0.216 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1) 304 0 0
2009-12-09 14:12:33 W3SVC1490499214 10.0.0.113 POST /Services/ImportService.svc - 80 - 10.0.0.216 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1) 401 2 2148074254
2009-12-09 14:12:33 W3SVC1490499214 10.0.0.113 POST /Services/ImportService.svc - 80 - 10.0.0.216 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1) 401 2 2148074254
2009-12-09 14:12:33 W3SVC1490499214 10.0.0.113 POST /Services/ImportService.svc - 80 - 10.0.0.216 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1) 401 1 0
2009-12-09 14:12:33 W3SVC1490499214 10.0.0.113 POST /Services/ImportService.svc - 80 BROWNIE\TestUser 10.0.0.216 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1) 200 0 0
2009-12-09 14:12:33 W3SVC1490499214 10.0.0.113 POST /Services/ImportService.svc - 80 - 10.0.0.216 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1) 401 1 0
2009-12-09 14:12:34 W3SVC1490499214 10.0.0.113 POST /Services/ImportService.svc - 80 BROWNIE\TestUser 10.0.0.216 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1) 200 0 0
2009-12-09 14:12:34 W3SVC1490499214 10.0.0.113 POST /Services/ImportService.svc - 80 - 10.0.0.216 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1) 401 1 0
2009-12-09 14:12:34 W3SVC1490499214 10.0.0.113 POST /Services/ImportService.svc - 80 BROWNIE\TestUser 10.0.0.216 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1) 200 0 0

If you scroll a little to the right, you see that for some requests an identity is known (BROWNIE\TestUser). For most requests, however, this is not the case. It's as if the client 'randomly' chooses when to send an identity along.

Has anyone ever seen this behavior and found a solution?

Answer 1

Looks to me like 3 standard authentication handshakes (2 401's each) followed by a succesful access (200). If you are seeing a lot of these in quick succession then this indicates that connections to the server are not being re-used for subsequent access. I'm not a wcf expert it could be that this is normal, although I'd be disappointed if this could not be configured away some how.

Answer 2

I've experienced similar behaviour with a silverlight app.. turned out to be one of these problems:

WCF bug 1

WCF bug 2

Blog infosupport

It does not happen in Windows 7, but on some windows Server versions it does.. can't remember which.