WCF Windows Authenticated Endpoint

  • Question

  • I have a sample WCF service. I want one of the endpoints to use Windows authenticated security. My config is like that. In IIS both Windows and anonymous authentication are enabled. But I can call my endpoint directly; there is no user info in my call code? What am I missing? I want to define multiple endpoints which can be accessible with different authentication types; for that reason I cannot close anonymous authentication. What is the best strategy for that? Do I need to develop a ServiceAuthorizationManager class, or is there anything in the WCF configuration?

    My second question is: can an endpoint work for a specific user in Windows authentication? I already tried to set userPrincipalName but it is not working.

          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service  name="Service">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="WsHttpBindingConfig" contract="IService">
          <!--<identity>
            <userPrincipalName value="xxxxxxx" />
          </identity>-->
        </endpoint>
      </service>

    Tuesday, December 12, 2017 7:56 AM

Answers

  • Hi Bilgehan,

    >> there is no user info my call code?

    How did you get UserInfo?

    I suggest you make a test with the configuration below.

      <system.serviceModel>
        <services>
          <service name="WCFDispose.Service1">
            <endpoint address="windows" binding="wsHttpBinding" contract="WCFDispose.IService1" bindingConfiguration="windows"/>
            <endpoint address="anayous" binding="wsHttpBinding" contract="WCFDispose.IService1" bindingConfiguration="anayous"/>
          </service>
        </services>
        <bindings>
          <wsHttpBinding>
            <binding name="windows">
              <security mode="Message">
                <message clientCredentialType="Windows"/>
              </security>
            </binding>
            <binding name="anayous">
              <security mode="None"/>
            </binding>
          </wsHttpBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <protocolMapping>
            <add binding="basicHttpsBinding" scheme="https"/>
        </protocolMapping>    
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
      </system.serviceModel>
    

    You could access the windows endpoint with Windows Authentication, and the anayous endpoint without authentication.

    Best Regards,

    Tao Zhou


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, December 13, 2017 6:29 AM

All replies

  • Hi Tao, your first answer is okay, but what I want to do is restrict the Windows authenticated endpoint to a specific user or user group. Think of it like this:

    <endpoint address="windows" can only be accessed by bilgehan and tao

    and no other Windows account can access it.

    <endpoint address="anymous" can be accessible from everywhere, but when I want to use

    this endpoint I want to implement token-based security.

    If I restrict users under system.web, then only the Windows authenticated endpoint will work.

    Wednesday, December 13, 2017 12:32 PM
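
An added example, not part of any post in this thread: one way to restrict the `windows` endpoint to a Windows group with the `ServiceAuthorizationManager` class the question mentions, while leaving the second endpoint open. The class name and the group name are hypothetical; the endpoint address `windows` is taken from the configuration in the answer above.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical class. Register it in the service behavior with
// <serviceAuthorization serviceAuthorizationManagerType="Namespace.EndpointAuthorizationManager, AssemblyName"/>.
// It is then consulted for every message, on every endpoint of the service.
public class EndpointAuthorizationManager : ServiceAuthorizationManager
{
    // Placeholder group name (assumption); use the group that may call the endpoint.
    private const string AllowedGroup = @"EXAMPLE\WcfWindowsEndpointUsers";

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // Address of the endpoint that was selected to dispatch this message,
        // e.g. http://host/Service1.svc/windows
        Uri endpointUri = operationContext.EndpointDispatcher.EndpointAddress.Uri;
        bool isWindowsEndpoint = endpointUri.AbsolutePath.EndsWith(
            "/windows", StringComparison.OrdinalIgnoreCase);

        if (!isWindowsEndpoint)
        {
            // Second endpoint (security mode None): no caller identity exists here.
            // Token validation for that endpoint would go in this branch.
            return true;
        }

        // With clientCredentialType="Windows" the caller identity is carried in
        // the WCF security context, not in the IIS request.
        ServiceSecurityContext ctx = operationContext.ServiceSecurityContext;
        if (ctx == null || ctx.IsAnonymous)
            return false;

        WindowsIdentity caller = ctx.WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            return false;

        // Deny by default: only members of the allowed group get through.
        return new WindowsPrincipal(caller).IsInRole(AllowedGroup);
    }
}
```

Inside a service operation the same identity is available as `ServiceSecurityContext.Current.WindowsIdentity`; returning `false` from `CheckAccessCore` makes WCF reject the call with an access-denied fault before the operation runs.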
  • Hi Bilgehan,

    >> Your first answer is okay but what I want to do, for windows authenticated endpoint I want to restrict for specific user or usergroup

    Since your first issue has been resolved, I would suggest you mark the solution as the answer to close the current thread.

    For the second issue, related to restricting to a specific user, I suggest you post a new thread.

    It is recommended to discuss one issue in one thread.

    Best Regards,

    Tao Zhou



    Thursday, December 14, 2017 2:45 AM