confused how to add NTLM authentication to a webservice


  • hello,

    i am a bit confused how to add NTLM authentication to a webservice.

    this is what i've done so far:

    created a wcf project in vs 2010 and after renaming the default classes to NTLMService and INTLMService, edited the webconfig file this way

    <?xml version="1.0"?>
        <compilation debug="true" targetFramework="4.0" />
            <binding name="NewBehavior">
              <security mode="TransportCredentialOnly" >
                <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm" />
          <service name="NTLMService.NTLMService" behaviorConfiguration="NewBehavior">
            <endpoint address="http://localhost:19861/NTLMService.svc" binding="basicHttpBinding"
              bindingConfiguration="NewBehavior" name="Basic" contract="NTLMService.INTLMService" />
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
            <behavior name="NewBehavior">
              <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
              <serviceMetadata httpGetEnabled="true"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="false"/>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="false" />
        <modules runAllManagedModulesForAllRequests="true"/>

    now, if i call http://localhost:19861/NTLMService.svc?wsdl from the browser,

    i can see the wsdl without providing any kind of authentication, is this normal ?

    also, after creating the client and adding the webservice reference,

    i can call the GetData method without sending any security tokens.

    the question is, is the webservice secured this way ? what i am missing here ?

    thank you in advance.

    12 марта 2012 г. 10:39

Все ответы