WCF Authentication

By : ng5000
Source: Stackoverflow.com
Question!

We're building some core services in .Net 3.5 and exposing the services via WCF. The services will only be accessed internally (i.e. within the intranet). The services just need to authenticate the calling user's windows credentials and get their AD/functional groups.

The serives need to be exposed using NetTcpBinding and BasicHttpBinding.

What configuration do I need to add to the section for both both binding types? Is it just this:

  <system.serviceModel>
    <services>
      <service name="WCFTest.CalculatorService" behaviorConfiguration="WCFTest.CalculatorBehavior">
        <host>
          <baseAddresses>
            <add baseAddress = "http://localhost:8000/WCFTest/CalculatorService/" />
            <add baseAddress = "net.tcp://localhost:9000/WCFTest/CalculatorService/" />
          </baseAddresses>
        </host>

        <endpoint address ="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService"/>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>

        <endpoint address ="netTcpEP" binding="netTcpBinding" contract="WCFTest.ICalculatorService"/>
        <endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange"/>

      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WCFTest.CalculatorBehavior">          
          <serviceAuthorization impersonateCallerForAllOperations="false"  principalPermissionMode="UseWindowsGroups" />
          <serviceCredentials >
            <windowsAuthentication allowAnonymousLogons="false" includeWindowsGroups="true" />
          </serviceCredentials>    
          <serviceMetadata httpGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

Is that the case? Will this then apply to both my NetTcp and BasicHttp Bindings?

Thanks

By : ng5000


Answers

No. There is nothing to configure for netTcpBinding: it uses Windows authentication by default. For basicHttpBinding, you need to specify the authentication mechanism you wish on the binding configuration (because basicHttpBinding doesn't use authentication by default):

<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="DefaultBasicHttpBinding">
        <security mode="TransportCredentialsOnly">
          <transport clientCredentialType="Windows"/>
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="WCFTest.CalculatorService" behaviorConfiguration="WCFTest.CalculatorBehavior">
      <host>
        <baseAddresses>
          <add baseAddress="http://localhost:8000/WCFTest/CalculatorService/" />
          <add baseAddress="net.tcp://localhost:9000/WCFTest/CalculatorService/" />
        </baseAddresses>
      </host>
      <endpoint address="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService"/>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      <endpoint address="netTcpEP" binding="netTcpBinding" contract="WCFTest.ICalculatorService"/>
      <endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange"/>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="WCFTest.CalculatorBehavior">          
        <serviceMetadata httpGetEnabled="True"/>
        <serviceDebug includeExceptionDetailInFaults="False"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>


This video can help you solving your question :)
By: admin