WCF configuration supporting both Anonymous & Windows Auth
-
April 26, 2012 15:23
Hi
I have an application consuming a WCF service which is set to Anonymous Authentication which uses a custom serviceAuthorization to apply the Authentication\Authorisation. (see following)
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior name="MyBehavior">
        <serviceDebug includeExceptionDetailInFaults="true" />
        <serviceMetadata httpGetEnabled="true" />
        <!-- Custom policy builds the principal used for authorization -->
        <serviceAuthorization principalPermissionMode="Custom">
          <authorizationPolicies>
            <add policyType="Namespace.AuthorizationPolicy, Namespace.Module" />
          </authorizationPolicies>
        </serviceAuthorization>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <wsHttpBinding>
      <binding name="MyBinding">
        <security mode="Message">
          <transport clientCredentialType="Windows" proxyCredentialType="Windows" />
          <message clientCredentialType="Windows" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="MyBehavior" name="Namespace.MyService">
      <!-- bindingConfiguration must match the binding name defined above
           (the original post had "HttpBinding", which is not defined) -->
      <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MyBinding" bindingName="" bindingNamespace="http://Namespace.MyContracts" contract="Namespace.IService" />
      <endpoint address="mex" binding="mexHttpBinding" bindingConfiguration="" contract="IMetadataExchange" />
    </service>
  </services>
</system.serviceModel>

Using this method WCF calls my custom AuthorizationPolicy which creates and adds a customPrincipal to the evaluationContext. Pretty standard stuff.
However I would like to also support Windows Authentication as well as Anonymous on the service. I figure I can remove the custom serviceAuthorization and implement it in code on the server to give me comparable behaviour, but I am unsure of how to go about adding additional service endpoints\bindings\behaviours to the existing config which would allow the authentication to work interchangeably between Anonymous and Windows Auth.
Any guidance would be appreciated
All replies
-
April 27, 2012 1:59 Moderator
Hello, you can't enable both Windows authentication and anonymous authentication. If you do so, only anonymous authentication will be used. Basically everyone can use your service without any authentication.
Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
If you have feedback about forum business, please contact msdnmg@microsoft.com. But please do not ask technical questions in the email.
-
May 1, 2012 13:06
Hi, thanks for your reply.
I do not wish to enable both Anonymous and Windows Authentication. I would like to create a config which contains both a service that would work if the site was set to Anonymous and a service that could be used if the site subsequently had Windows authentication enabled and anonymous disabled. Sorry for not being clear.
I have however now added a service which uses basicHttpBinding to cover the windows authentication option and created a corresponding .svc file but I am still unsure if I need to create a separate service proxy for this option or whether I can somehow alter the current proxy to work with both.
-
May 2, 2012 1:23 Moderator
Since you're using wsHttpBinding with message security (over http), you have to enable anonymous authentication in IIS. WCF security configuration must accommodate to IIS authentication configuration. You can get more information on http://social.msdn.microsoft.com/forums/en-US/wcf/thread/442be0c8-309e-4000-9311-57189ae7a900.
But ultimately what you need to do is just modify the web.config when you need to host in different IIS environments, which can be done by an ITPro. You don't need to recompile the service project.
Lante, shanaolanxing
- Marked as answer by Parsley L, May 3, 2012 7:55
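
The two hosting variants discussed in this thread, side by side, as an added example that is not part of the original posts. The binding names MessageSecurityBinding and WindowsTransportBinding are hypothetical; the service, contract and behavior names follow the question, and the `<behaviors>` section is assumed unchanged from it.

```xml
<system.serviceModel>
  <bindings>
    <!-- Variant A: IIS site set to Anonymous. WCF authenticates the caller
         itself through WS-Security message credentials. -->
    <wsHttpBinding>
      <binding name="MessageSecurityBinding">
        <security mode="Message">
          <message clientCredentialType="Windows" />
        </security>
      </binding>
    </wsHttpBinding>
    <!-- Variant B: IIS site set to Windows Authentication, Anonymous off.
         IIS authenticates at the HTTP layer. TransportCredentialOnly gives
         no message confidentiality or integrity over plain HTTP; where
         HTTPS is available, use mode="Transport" instead. -->
    <basicHttpBinding>
      <binding name="WindowsTransportBinding">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="MyBehavior" name="Namespace.MyService">
      <!-- Active endpoint for Variant A. -->
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="MessageSecurityBinding"
                bindingNamespace="http://Namespace.MyContracts"
                contract="Namespace.IService" />
      <!-- For Variant B, replace the endpoint above with this one.
           An unauthenticated mexHttpBinding endpoint also expects anonymous
           access, so remove or secure it in this variant.
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="WindowsTransportBinding"
                bindingNamespace="http://Namespace.MyContracts"
                contract="Namespace.IService" />
      -->
    </service>
  </services>
</system.serviceModel>
```

The client's endpoint configuration has to name the same binding and security mode as whichever variant the service exposes.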