views:

4883

answers:

4

I have a WCF service using BasicHttpBinding with Windows authentication. Most clients are domain accounts and connect to the service using their default credentials.

Now I want to connect to the service from an ASP.NET client that is running under a local account. I want to connect to the WCF service using windows credentials (domain\user and password) that are available to the ASP.NET application.

I know I can do this in code using ClientBase<T>.ClientCredentials.

Is there a way to specify the credentials (domain\user and password) in the client's web.config file so I don't have to change the code?

EDIT

If it can't be done in the configuration file, is there a way of using System.Net.ICredentials or System.Net.NetworkCredential as a credential for a WCF service?

The .NET Framework provides these as a homogenous way to provide network credentials, but with WCF this seems to have been thrown out in favour of a new incompatible system based on the unrelated System.ServiceModel.Description.ClientCredentials class.

EDIT 2

Accepting Marc's answer to the original question - it seems there is no way to do this in the client configuration file :(

I would see this as a deficiency in WCF - I don't accept that Microsoft should be deliberately discouraging us from putting credentials in the configuration file - after all they have to be stored somewhere, and the Framework includes facilities for encrypting the config file. I guess I could create a custom BehaviorExtensionElement for this, but it ought to be available out of the box.

Regarding the second question about using System.Net.NetworkCredential, it seems from this blog that it is possible, at least when using Windows authentication, with the following code:

factory.Credentials.Windows.ClientCredential =
   new System.Net.NetworkCredential(name, password, domain);
+2  A: 

You can't specify your credentials in the config file, unfortunately - you have to do this in code (most likely because otherwise you might end up with credentials in your config file, in plain text - not a good thing....).

Marc

marc_s
"...in your config file, in plain text" is not generally a good thing, but in the config file encrypted is OK.
Joe
A: 

Have you tried this?

<system.web>
      <identity impersonate="true" userName="username" password="password"/>
</system.web>
Ryan Rauh
No this doesn't really help - the ASP.NET server isn't trusted for delegation.
Joe
+1  A: 

I don't know much about WCF and understand that there isn't a mechanism to specify the credentials within the <binding> tags but why not do this:

 Svc.ClientCredentials.UserName.UserName = AppSettings["WCFSvcUsername"];
 Svc.ClientCredentials.UserName.Password = AppSettings["WCFSvcPassword"];
Lewis
that would work - but I'd strongly recommend encrypting your config file in this case!
marc_s
Yes I know I can do it in code, I want to avoid changing the code.
Joe
Joe - my example would allow you to then specify your username and password in the app/web.config file as you can't do it natively.
Lewis
A: 
Svc.ClientCredentials.UserName.UserName = AppSettings["WCFSvcUsername"];
Svc.ClientCredentials.UserName.Password = AppSettings["WCFSvcPassword"];

is incorrect. It is used with message security and clientCredentialType="UserName". You should use

Svc.ClientCredentials.Windows.ClientCredential = new NetworkCredential(...);
Steven
I did not your complete post. You have already know the answer of the question - sorry.
Steven
Although this is a very old question I post this for anyone with the same problem.
Steven