tags:

views:

120

answers:

1
Q: 

Kerberos Authentication with WCF customBinding

Hello Sir,

I am using an ASMX web service and creating a WCF Client for the service with customBinding. In the customBinding security section, I am using the authenticationMode as "KerberosOverTransport" and using HTTP as Transport medium. Please see the below code.

<customBinding>
    <binding name="Service1Soap" closeTimeout="00:01:00" openTimeout="00:01:00"
      receiveTimeout="00:10:00" sendTimeout="00:01:00">
      <security allowSerializedSigningTokenOnReply="true" authenticationMode="KerberosOverTransport"
        requireDerivedKeys="false" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
        messageSecurityVersion="Default" requireSecurityContextCancellation="false">
        <secureConversationBootstrap />
      </security>
      <textMessageEncoding messageVersion="Soap11" />
      <httpTransport authenticationScheme="Ntlm" unsafeConnectionNtlmAuthentication="false" />
    </binding>
  </customBinding>
</bindings>
<client>
  <endpoint address="http://localhost:1612/TestService.asmx" binding="customBinding"
    bindingConfiguration="Service1Soap" contract="WCFProxy.Service1Soap"
    name="Service1Soap" />
</client>

When I create an instance of the Proxy class and call the Hello World method of the Web Service I get the following exception.

"The 'CustomBinding'.'http://tempuri.org/' binding for the 'Service1Soap'.'urn:Service1' contract is configured with an authentication mode that requires transport level integrity and confidentiality. However the transport cannot provide integrity and confidentiality."

==========================================================================================

at System.ServiceModel.Dispatcher.SecurityValidationBehavior.SoapOverSecureTransportRequirementsRule.ValidateSecurityBinding(SecurityBindingElement securityBindingElement, Binding binding, ContractDescription contract) at System.ServiceModel.Dispatcher.SecurityValidationBehavior.ValidateSecurityBinding(SecurityBindingElement sbe, Binding binding, ContractDescription contract) at System.ServiceModel.Dispatcher.SecurityValidationBehavior.ValidateBinding(Binding binding, ContractDescription contract, SecurityBindingElement& securityBindingElement) at System.ServiceModel.Dispatcher.SecurityValidationBehavior.System.ServiceModel.Description.IEndpointBehavior.Validate(ServiceEndpoint serviceEndpoint) at System.ServiceModel.Description.ServiceEndpoint.Validate(Boolean runOperationValidators, Boolean isForService) at System.ServiceModel.Channels.ServiceChannelFactory.BuildChannelFactory(ServiceEndpoint serviceEndpoint) at System.ServiceModel.ChannelFactory.CreateFactory() at System.ServiceModel.ChannelFactory.OnOpening() at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.ClientBase1.System.ServiceModel.ICommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.ClientBase1.Open() at WCFClient.Program.Main(String[] args) in D:\Rakesh\Test Projects\WebServiceCustomBinding\WCFClient\Program.cs:line 16 at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args) at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args) at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly() at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart()

I am struck with no luck on googling this exception. It has been 2 days now with the R & D part. Please provide me some help on this Issue. I will be very pleased upon your help!

Regards, Rakesh.

A: 

Try to use BasicHttpBinding with following security instead:

<bindings>
  <basicHttpBinding>
    <binding name="Secured">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

Also you can check this article - there is a part about setting client.

Ladislav Mrnka  2010-08-25 14:44:55
I have tried with basicHttpBinding prior to starting with customBinding. The reason I am using customBinding is that my application needs to be interoperable with Java Web Services which needs Kerberos Authentication for SSO implementation. More over the Java web service may be installed on any kind of platform other than Windows, so on that platform Windows clientCredentialType may not work. Thanks for your reply. Can you suggest me a solution for mentioned requirement?? Sorry for not giving these details before!
Rakesh Nagpal  2010-08-26 05:19:16
Than you need that Java Web Service for testing. It would be awesome if you have WSDL of that service with security policies describing its configuration. At the moment you are trying to simulate the service with ASMX which is not the same as Java one.
Ladislav Mrnka  2010-08-26 07:50:48
Yes, I understand. My actual requirement is to build a WCF client in C#.NET which would implement Kerberos Authentication for implementing SSO. This in turn would be consumed by a Java Windows application for Authenticating User and assigning a Kerberos Token. Currently the Java application is not yet ready so I am trying to make this client work with ASMX Web Service only. Later on when tested successfully with ASMX service, I will try to integrate this Client with the Java Application.
Rakesh Nagpal  2010-08-27 05:45:35

related questions

Dynamic programming with WCF
WCF Service Returning "Method Not Allowed"
Exceptions in Web Services
What SPN do I need to set for a net.tcp service?
How do I unit test a WCF service?
Best practices for versioning your services with WCF?
Lazy Loading with a WCF Service Domain Model?
How many ServiceContracts can a WCF Service have?
How can I authenticate using client credentials in WCF just once?
WCF - Domain Objects and IExtensibleDataObject
InvalidOperationException while creating wcf web service instance
Closing and Disposing a WCF Service
What WCF best practices do you follow in object model design?
WCF push to client through firewall?
Loading System.ServiceModel configuration section using ConfigurationManager
I would like some tips for debugging WCF Web Service exceptions
What's the best way to authenticate over WCF?
Good Reads for Distributed Systems
.Net - Returning DataTables in WCF
What is the easiest way to add compression to WCF in Silverlight?
WCF Backward Compatibility Issue
Best Practices for securing a REST API / web service
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
WCF - High availability