Hi,

What are the important configuration points needed to enable a scenario where a WCF service can be called with either the logged-on user's Windows credentials or a username/password combination?

I'm pretty sure I know how to set them up, but what I don't know is how I can force usage of the username/password endpoint.

Is it simply a matter of using the constructor that allows you to specify a particular endpoint, and then setting ClientCredentials.UserName.UserName and .Password?

Thanks.

A: 

You simply need to change the binding on the endpoint:

<wsHttpBinding>
  <binding name="WSHttpUserName">
    <security>
      <transport clientCredentialType="None" />
      <message clientCredentialType="UserName" />
    </security>
  </binding>
</wsHttpBinding>

Now if you want automatic Windows authentication then you'll need another endpoint, with another binding with a clientCredentialType of "Windows".

Or you can put it in the transport and not the message, but in any case you will need SSL for username authentication.

blowdart
A: 

There's a security section in the binding configuration for the services. There you can choose which security mode (None/Transport/Message/TransportWithMessageCredential) you want to use, and then for each particular mode you can customize security settings (things like credential type: UserName/Windows/Certificate etc.). Then on the client side you need to configure bindings accordingly, where you set up which security mode you want to use and what kind of identity. You can configure it equally either from your code or using a configuration file.

There's a very nice WCF Security Guidance from MS Patterns&Practices. Here is the link: http://www.codeplex.com/WCFSecurityGuide

It has plenty of HowTos for particular scenarios. For example, here's a walkthrough on how you configure netTcpBinding with Windows Authentication and Message Security from WinForms: http://wcfsecurityguide.codeplex.com/Wiki/View.aspx?title=How%20To%20-%20Use%20netTcpBinding%20with%20Windows%20Authentication%20and%20Message%20Security%20in%20WCF%20from%20Windows%20Forms

bychkov
A: 

So long as your configuration client endpoints exist in config and are configured for the relevant authentication method, you are right, it is as simple as specifying the configuration name in the constructor and supplying the uname/pwd to the client.

Mark Allanson
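
The client side of the two-endpoint setup discussed in this thread, as an added example that is not part of the original posts. It builds the bindings in code instead of selecting them by configuration name; the IEchoService contract, the DualAuthClient class and the server.example addresses are assumptions, and each binding has to match the one on the corresponding service endpoint.

```csharp
using System;
using System.ServiceModel;

// Hypothetical contract; stands in for the real service interface.
[ServiceContract]
public interface IEchoService
{
    [OperationContract]
    string Echo(string text);
}

public static class DualAuthClient
{
    // Hypothetical addresses: the service exposes one endpoint per credential type.
    static readonly EndpointAddress WindowsAddress =
        new EndpointAddress("http://server.example/Echo.svc/windows");
    static readonly EndpointAddress UserNameAddress =
        new EndpointAddress("https://server.example/Echo.svc/username");

    // Endpoint 1: message security using the logged-on user's Windows credentials.
    public static ChannelFactory<IEchoService> ForWindows()
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        return new ChannelFactory<IEchoService>(binding, WindowsAddress);
    }

    // Endpoint 2: username/password carried in the message, sent over SSL.
    public static ChannelFactory<IEchoService> ForUserName(string user, string password)
    {
        var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        var factory = new ChannelFactory<IEchoService>(binding, UserNameAddress);
        // Credentials become read-only once the factory opens (on first CreateChannel).
        factory.Credentials.UserName.UserName = user;
        factory.Credentials.UserName.Password = password;
        return factory;
    }

    public static string CallWithUserName(string user, string password)
    {
        var factory = ForUserName(user, password);
        try
        {
            string reply = factory.CreateChannel().Echo("ping");
            factory.Close();
            return reply;
        }
        catch { factory.Abort(); throw; }   // a faulted factory cannot be closed cleanly
    }
}
```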