How many types of authentication are possible in WCF

  • Question

  • User88744855 posted

    As far as I know, WCF supports forms authentication, but I would like to know how many types of authentication are possible in WCF. Please mention. Thanks.

    Monday, September 30, 2013 3:32 PM

Answers

  • User2019981500 posted

    Hi, here are the types of authentication supported in WCF, according to MSDN:

    Authentication Options with Transport Security

    The following authentication options are available when using transport security:

    • None. When using this option, the WCF service does not authenticate the callers. This is not the recommended option from a security perspective—avoid using this option wherever possible.
    • Basic. This option is available with the HTTP protocol only. The client is authenticated by using the username and password against the Microsoft Active Directory® directory service. The client credentials are transported by using a Base64-encoded string, which is very similar to a clear string and therefore not the most secure option. The service is authenticated by the Secure Sockets Layer (SSL) certificate used for secure communication.
    • NTLM. This option is available with the HTTP protocol only. The client is authenticated by using a challenge-response scheme against Windows accounts. NTLM authentication is well suited for a workgroup environment and is more secure than Basic authentication. The service is authenticated by using an SSL certificate.
    • Windows. When using this option, the WCF service uses Kerberos authentication when in a domain, or NTLM authentication when deployed in a workgroup environment. This option uses a Windows token presented by the caller to authenticate against the Active Directory. This is the most secure option compared to Basic or NTLM authentication. The service is authenticated by using the Windows credentials of the process identity, or an SSL certificate if you are using the HTTP protocol.
    • Certificate. When using this option, the caller presents an X.509 client certificate that the WCF service validates by trusting the certificate (peer trust) or trusting the issuer of the certificate (chain trust). This option should be used when Windows authentication is not possible, as in the case of business-to-business (B2B) scenarios. The service is authenticated with the service certificate, or by using an SSL certificate if you are using the HTTP protocol.

    Authentication Options with Message Security

    The following authentication options are available when using message security:

    • None. When using this option, the WCF service does not authenticate the callers. This is not the recommended option from a security perspective—avoid using this option wherever possible.
    • Windows. When using this option, the WCF service uses Kerberos authentication when in a domain, or NTLM authentication when deployed in a workgroup environment. This option uses the Windows token presented by the caller to authenticate against the Active Directory. The service is authenticated by using the Windows credentials of the process identity.
    • Username. When using this option, the caller provides a username and password to the service. The service can either authenticate against Windows credentials, use a membership provider such as the Microsoft SQL Server® membership provider, or use a custom validator to validate against the custom store. You should choose this option only when Windows authentication is not possible. The service is authenticated by using a service certificate.
    • Certificate. When using this option, the caller presents an X.509 client certificate. The WCF service looks up the certificate information on the host side and validates it (peer trust), or trusts the issuer of the client certificate (chain trust). This option should be used when Windows authentication is not possible, or in the case of B2B scenarios. The service is authenticated by using a service certificate.
    • Issue token. When using this option, the client and service depend on the Secure Token Service (STS) to issue tokens that the client and service trust. Microsoft Windows CardSpace™ is a typical example of an STS.

    regards

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, September 30, 2013 3:43 PM
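
A configuration review for the options listed in the answer above, as an added example that is not part of the original thread or of the MSDN text: it reads the `<bindings>` section of a WCF configuration file and reports each binding's security mode and `clientCredentialType`, attaching a note to `None` and `Basic`. The sample configuration, the binding names and the `audit` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config; the binding names are hypothetical.
SAMPLE_CONFIG = """
<configuration><system.serviceModel><bindings>
  <basicHttpBinding>
    <binding name="legacyBasic">
      <security mode="Transport"><transport clientCredentialType="Basic" /></security>
    </binding>
    <binding name="openEndpoint"><security mode="None" /></binding>
  </basicHttpBinding>
  <wsHttpBinding>
    <binding name="partnerCert">
      <security mode="Message"><message clientCredentialType="Certificate" /></security>
    </binding>
    <binding name="implicit" />
  </wsHttpBinding>
</bindings></system.serviceModel></configuration>
"""

DEFAULT = "(binding default)"  # nothing set explicitly; the effective value depends on the binding type
# Review notes paraphrased from the option descriptions in the answer above.
NOTES = {
    "None": "callers are not authenticated",
    "Basic": "credentials travel as a Base64-encoded string, close to clear text",
}

def audit(config_xml):
    """Return one (binding type, name, mode, client credential type, note) tuple per binding."""
    findings = []
    for bindings in ET.fromstring(config_xml).iter("bindings"):
        for binding_type in bindings:
            for binding in binding_type.findall("binding"):
                sec = binding.find("security")
                mode = sec.get("mode", DEFAULT) if sec is not None else DEFAULT
                # Message credentials live in <message>, transport credentials in <transport>.
                child = "message" if mode in ("Message", "TransportWithMessageCredential") else "transport"
                elem = sec.find(child) if sec is not None else None
                cred = elem.get("clientCredentialType", DEFAULT) if elem is not None else DEFAULT
                if mode == "None":
                    cred = "None"  # security is switched off, so no client credential is requested
                findings.append((binding_type.tag, binding.get("name"), mode, cred, NOTES.get(cred, "")))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print(row)
```

Bindings reported as `(binding default)` still need a manual check, because the effective mode and credential type then come from the binding type rather than from the file.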