views:

1194

answers:

1

Does anyone know how exactly NTLM authentication works in WCF/basicHttp? I wonder if user credentials are passed for every single service method call, or if some kind of security token is being used for subsequent service method calls.

The exact binding configuration that I am using:

<bindings>
  <basicHttpBinding>
    <binding name="winAuthBasicHttpBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Ntlm" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

I found this type of configuration on the MSDN reference. But I am not sure if this a good idea performance wise. An alternative would be providing a custom GetAuthenticationToken() kind of method to provide a security token for all subsequent requests of the client. This could be done via the Enterprise Library - Security Application Block.

Further details: The service is being consumed by Browsers/Silverlight Clients.

+2  A: 

In this case here, every single method call will be authenticated.

What you're talking about would be what is called "secure sessions", where the client authenticates once against the server and then a common token is used for subsequent exchanges. That secure sessions features however is only available with wsHttpBinding - not with basicHttpBinding.

Marc

marc_s
Unfortunately Silverlight only supports basicHttpBinding. Do you think this authentication overhead is worth caring about?
driAn
Ah yes, you had left out that little detail (Silverlight) in your original post :-) As a rule of thumb, I'd say, if a built-in mechanism is available, first give it a try and see if it really pans out to be a problem. Don't pre-optimize too much.... also WCF in general is known for good to stellar performance, so I assume all these bits and pieces have been performance-tweaked to the maximum. Give it a go and see - if it's *REALLY* a problem, then start looking for another solution....
marc_s