Friday, April 13, 2012 9:33 AM
I'm using a WCF service in an intranet application to transfer data, and I want the service to pop up the native Microsoft Windows logon dialog to authenticate the user in the domain before transferring data. Once the user has logged on and saved his credentials, the dialog is never popped up again. I've searched many forums and articles, but there doesn't seem to be a proper solution that does what I want.
Can anyone give me an idea or tips?
Thanks in advance.
Friday, April 13, 2012 12:28 PM
I find it a bit weird that you are prompting for credentials on an intranet as all users have already been authenticated. But anyhow...
You can make this happen using a security mode of Message or TransportWithMessageCredentials using wsHttpBinding. You can also do this with basicHttpBinding but you only have the security mode option of TransportWithMessageCredentials. The clientCredentialType should be set to UserName. You need to then create a form in your client application that prompts the user for their credentials.
The default username and password validator for clientCredentialType UserName is Windows, so this type of configuration will suit your needs.
Let me know if you require a working example. Also, you must have a certificate installed that you can use for data encryption between the service and client.
Friday, April 13, 2012 12:51 PM
Thank you for the reply. I mean this service is also accessible to users in another domain in the same company, with the Windows logon dialog similar to this:
My application that connects to the web service is a desktop application written in C# (.NET 4.0).
Could you show me a working example of what you said above? It's very urgent for me. Thank you very much.
Friday, April 13, 2012 2:02 PM
This is the service configuration:
<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
    <pages>
      <namespaces>
        <add namespace="System.Runtime.Serialization"/>
        <add namespace="System.ServiceModel"/>
        <add namespace="System.ServiceModel.Web"/>
      </namespaces>
    </pages>
  </system.web>
  <system.serviceModel>
    <services>
      <service name="Service">
        <endpoint address="" binding="wsHttpBinding" contract="IService" bindingConfiguration="wsHttp"/>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttp">
          <!-- Message-level security: the client sends a username and password in the message -->
          <security mode="Message">
            <message clientCredentialType="UserName" negotiateServiceCredential="false"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceCredentials>
            <!-- Certificate the service uses to protect the messages -->
            <serviceCertificate storeLocation="LocalMachine" storeName="My" findValue="localhost" x509FindType="FindByIssuerName"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>
This is the client config after running svcutil (I cleaned it up a bit for clarity):
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttp">
          <security mode="Message">
            <message clientCredentialType="UserName" negotiateServiceCredential="false"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://intadec/WCFWindowsDialog/Service.svc"
                binding="wsHttpBinding" bindingConfiguration="wsHttp"
                contract="ServiceReference1.IService">
        <identity>
          <!-- Base64-encoded service certificate written by svcutil (value omitted) -->
          <certificate encodedValue="..." />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
And this is the code on the client form that calls the service. You will have to create a form to populate the Username/Password so you don't have to hard code:
' Create the generated proxy and set the credentials sent with each message
Dim service As New ServiceReference1.ServiceClient
service.ClientCredentials.UserName.UserName = "Domain\Username"
service.ClientCredentials.UserName.Password = "Password"
Dim i = service.GetData(21)
For the service in IIS, make the Authentication Type Anonymous. WCF will handle the authentication. This also allows you to generate a proxy using svcutil.
Friday, April 13, 2012 7:17 PM
Friday, April 13, 2012 7:34 PM
Mike, this was a question regarding a WCF service used in an intranet environment and not an ASMX service being called by JavaScript. The answer I supplied is appropriate for that scenario.
If the answer to this question doesn't suit your needs then you are more than welcome to post a question in the forum with your specific requirements.
- Edited by Dragan Radovac Friday, April 13, 2012 7:34 PM
Friday, April 13, 2012 7:37 PM
ok thx, I'll do that.
Sunday, April 15, 2012 2:08 PM
Moderator
Hello, while rupex pointed out how to use username authentication, it does not work for your scenario, as you want to use Windows authentication. You should not ask for the user's Windows credentials in your application and verify them manually.
If you want to authenticate users from another domain, the recommended solution is to establish a trust relationship between your domain and the other domain. Then you don't need to do anything in your application, and it can work with users from the other domain. As long as the user logs in to Windows with their domain account, they won't even see the dialog in your screenshot. Everything works as if you're in the local domain.
But configuring Active Directory is no longer in WCF's scope. You need to ask your IT to establish the trust relationship. They can refer to http://technet.microsoft.com/en-us/library/cc770299.aspx for more information.
Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
If you have feedback about forum business, please contact email@example.com. But please do not ask technical questions in the email.
- Marked As Answer by Yi-Lun Luo (Moderator), Thursday, April 19, 2012 9:26 AM
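The Windows-authentication setup the moderator describes, shown as an added configuration sketch that is not part of the original thread: the same `wsHttpBinding` endpoint with `clientCredentialType="Windows"` instead of `UserName`. The binding name `wsHttpWindows` is hypothetical; the service name, contract and address are the ones from the earlier post.

```xml
<!-- Added example (not from the thread). Service side: web.config fragment -->
<system.serviceModel>
  <services>
    <service name="Service">
      <endpoint address="" binding="wsHttpBinding"
                bindingConfiguration="wsHttpWindows" contract="IService"/>
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <!-- "wsHttpWindows" is a hypothetical binding name -->
      <binding name="wsHttpWindows">
        <security mode="Message">
          <!-- The caller's Windows logon token authenticates the call, so the
               application never collects or stores a password and the
               serviceCertificate entry of the UserName setup is not required -->
          <message clientCredentialType="Windows"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
</system.serviceModel>

<!-- Added example (not from the thread). Client side: app.config fragment -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttpWindows">
        <security mode="Message">
          <message clientCredentialType="Windows"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <!-- If svcutil generates an <identity> element for this endpoint, keep it;
         no ClientCredentials.UserName values are set in code -->
    <endpoint address="http://intadec/WCFWindowsDialog/Service.svc"
              binding="wsHttpBinding" bindingConfiguration="wsHttpWindows"
              contract="ServiceReference1.IService"/>
  </client>
</system.serviceModel>
```

With this binding the proxy sends the identity of the logged-on Windows user automatically; users from the other domain are accepted once the trust relationship exists.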
Monday, April 16, 2012 7:24 AM
Thanks rupex, your solution does not work as I really want but it gives me useful ideas.
Monday, April 16, 2012 7:48 AM
Thanks Yi-Lun Luo, I will try to do that.