I'm having trouble finding coherent information about this deployment option for a client-server application:

Client side:

  • partial-trust XBAP client
  • Windows authentication for single sign-on

Server side:

  • self-hosted WCF service running in a Windows service
  • performing custom role authorization based on a custom authorization policy, by getting the user's WindowsIdentity

We have a WPF rich client which is doing all of the above (except for the XBAP part...), and I've found deploying it using ClickOnce is simple and easy.

However, I'm having difficulties achieving this with XBAP:

  • wsHttpBinding, which I'm using for the existing client, doesn't seem to support Windows identity based authorization at the moment. (I get an exception when calling service methods, and can't get it to pass the WindowsIdentity to the server.)
  • Googling shows that this may be fixed in .NET 4.0 - see here
  • I've tried using basicHttpBinding instead, but this won't work with Windows authentication/authorization unless I use mixed mode for security, which means using an encrypted channel + encrypting the message header containing the Windows identity.
  • This requires using HTTPS as well as deploying a certificate to the client; I would prefer to avoid both.

So, have you been able to find a workaround for this setup? Have you been able to deploy a partial-trust XBAP application which interacts with a .NET 3.5 (or lower) based web service, using Windows authentication and Windows identity based custom authorization?