WCF Authentication is not working

  • Question

  • User-943207588 posted

    Hi,

    I am using Message Security for WCF authentication, and my clientCredentialType="UserName".

    Even if I do not provide a valid username and password while accessing the service, it works fine.

    It should authenticate; only if the credentials are correct should it allow access.

    My code is as follows:

    Binding section of Web config of WCF service:

    <bindings>
      <wsHttpBinding>
        <binding name="Binding1">
          <security mode="Message">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    --------------------------------------------------------------------------------

    Behaviour section of WCF service:

    ------------------------------------------------------------------------------

    <behaviors>
      <serviceBehaviors>
        <behavior name="AuthenticationBehaviour">
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WcfServiceAuthentication.Authenticator, WcfServiceAuthentication"/>
          </serviceCredentials>
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>

    --------------------------------------------------------------------------------------------------------------

    username validator:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.IdentityModel.Selectors;
    using System.ServiceModel;
    using log4net;
    using System.Reflection;

    namespace WcfServiceAuthentication
    {
        public class Authenticator : UserNamePasswordValidator
        {
            private static ILog _logger = log4net.LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);

            // Called by WCF for each UserName token, but only when the endpoint's
            // binding and the service's behavior actually reference this validator.
            public override void Validate(string userName, string password)
            {
                // Log the user name only; the password must never be written to the log.
                _logger.Info("Validate called with username:" + userName);

                if (null == userName || null == password)
                {
                    throw new ArgumentNullException();
                }

                if (!(userName == "Admin" && password == "Admin123"))
                {
                    // This throws an informative fault to the client.
                    throw new FaultException("Unknown Username or Incorrect Password");
                }

                _logger.Info("End called");
            }
        }
    }

    --------------------------------------------------------------------------------------------------------------

    WCF Service:

    namespace WcfServiceAuthentication
    {
        // NOTE: You can use the "Rename" command on the "Refactor" menu to change the class name "AuthenticationService" in code, svc and config file together.
        // NOTE: In order to launch WCF Test Client for testing this service, please select AuthenticationService.svc or AuthenticationService.svc.cs at the Solution Explorer and start debugging.
        //[ServiceBehavior(IncludeExceptionDetailInFaults = true)]
        [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession, ConcurrencyMode = ConcurrencyMode.Single)]
        public class AuthenticationService : IAuthenticationService
        {
            public int add(int num1, int num2)
            {
                return (num1 + num2);
            }
        }
    }

    --------------------------------------------------------------------------------------------------------------

    Client application:

    AuthenticationServiceClient proxy = new AuthenticationServiceClient();

    // Here I have not provided credentials, and it still works.

    int addition = proxy.add(10, 10);
    return View();

    Monday, April 29, 2013 1:01 AM

Answers

  • User-1000095884 posted

    Hi,

    From your description, please check that your service is using 'Binding1'; you can check this from the service's WSDL. To create a WCF service and client secured using message-level security, you can refer to the sample in the MSDN document below.

    #Message Security with a User Name Client

    http://msdn.microsoft.com/en-us/library/ms731058.aspx

    Best Regards.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, April 30, 2013 1:43 AM
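
The check suggested in the answer can also be made against the configuration itself. The following is an added example, not code from the thread or from the MSDN sample: it audits a `system.serviceModel` section and reports services whose endpoints never pick up the named binding and behavior, which is the state of the configuration as posted (no `<services>` section is shown). The `audit` function, the `<services>` wiring in `SERVICES` and both sample strings are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the binding and behavior from the question, with no <services>.
COMMON = """<bindings><wsHttpBinding><binding name="Binding1">
  <security mode="Message"><message clientCredentialType="UserName"/></security>
</binding></wsHttpBinding></bindings>
<behaviors><serviceBehaviors><behavior name="AuthenticationBehaviour">
  <serviceCredentials><userNameAuthentication userNamePasswordValidationMode="Custom"
    customUserNamePasswordValidatorType="WcfServiceAuthentication.Authenticator, WcfServiceAuthentication"/>
  </serviceCredentials></behavior></serviceBehaviors></behaviors>"""
# Assumed wiring (not on the page): service and endpoint reference both names.
SERVICES = """<services><service name="WcfServiceAuthentication.AuthenticationService"
    behaviorConfiguration="AuthenticationBehaviour">
  <endpoint address="" binding="wsHttpBinding" bindingConfiguration="Binding1"
    contract="WcfServiceAuthentication.IAuthenticationService"/>
</service></services>"""
UNWIRED = f"<system.serviceModel>{COMMON}</system.serviceModel>"
WIRED = f"<system.serviceModel>{SERVICES}{COMMON}</system.serviceModel>"

def audit(config_xml):
    """Return findings for services not protected by UserName message security."""
    sm = next(ET.fromstring(config_xml).iter("system.serviceModel"))
    # Index bindings by (binding type, name) and behaviors by name; "" is the default.
    bindings = {(kind.tag, b.get("name", "")): b
                for kind in sm.findall("bindings/*") for b in kind.findall("binding")}
    behaviors = {b.get("name", ""): b
                 for b in sm.findall("behaviors/serviceBehaviors/behavior")}
    services = sm.findall("services/service")
    findings = []
    if not services:
        findings.append("no <service> element: named binding and behavior are never applied")
    for svc in services:
        name = svc.get("name")
        beh = behaviors.get(svc.get("behaviorConfiguration", ""))
        una = None if beh is None else beh.find("serviceCredentials/userNameAuthentication")
        if una is None or una.get("userNamePasswordValidationMode") != "Custom":
            findings.append(f"{name}: custom username validator behavior not applied")
        for ep in svc.findall("endpoint"):
            if ep.get("binding", "").startswith("mex"):
                continue  # metadata exchange endpoints carry no service operations
            b = bindings.get((ep.get("binding"), ep.get("bindingConfiguration", "")))
            msg = None if b is None else b.find("security[@mode='Message']/message")
            if msg is None or msg.get("clientCredentialType") != "UserName":
                findings.append(f"{name}: endpoint does not use UserName message security")
    return findings

if __name__ == "__main__":
    for label, cfg in (("unwired", UNWIRED), ("wired", WIRED)):
        print(label, audit(cfg) or "OK")
```

Even when wired this way, UserName message security on wsHttpBinding also needs a service certificate configured under `<serviceCredentials>`, which this audit does not check.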