locked
Unable to get the Client Credentials in a WCF service RRS feed

  • Question

  • I have a website running under credentials  "DomainName\UserName" on a server(custom App Pool)

    I have a seperate  "WCF Service" on another machine.

    I want to make sure  the WCF service  is accessed "only" through that website by authenticating the client credentials (Website Credentials)

    Everytime the credentials that im getting on the WCF service are  "LocalMachineName\ASPNET" ( Im expecting the "DomainName\UserName", so that i can authenticate)

    Please let me know your suggestions.

    Thank you very much

    Tuesday, April 5, 2011 3:13 PM

Answers

  • I changed the binding from BasicHttpBinding to WsHttpBinding, i modified the config in both wcf service and Client as follows

     <wsHttpBinding>
              <binding name="securingWSHttpBinding"  >
                <security mode ="Message">
                  <transport clientCredentialType="Windows" />
                  <message establishSecurityContext="true" />
                </security>
              </binding>
          </wsHttpBinding>

    You cannot use the establish security Context using the BasicHttpBinding ( I dont know why )

    If you do not set the establishSecurityContext ---it will be returned always as null

    Please keep in mind that you need to change the "http" links to "https" for the "WsHttpBinding"

    Once you configure the bindings

     

    if the client is hosted on a server (it will be running under "Domain\\GenuineUserName" )

    On the client side (for testing purpose on my local machine), I added the following code

    client.ClientCredentials.Windows.ClientCredential.Domain = "Domain";
    client.ClientCredentials.Windows.ClientCredential.UserName = "GenuineUserName";
    client.ClientCredentials.Windows.ClientCredential.Password = "ValidPassword";

     

    use the following code on the WCF service side to extract the user identity( In my case Domain\\userName)

    ServiceSecurityContext dc = ServiceSecurityContext.Current;( u need to add the required namespaces)

    if you look into dc=>PrimaryIdentity=>Username=>"Domain\\UserName" Yippie

    Thanks for all the valuable suggestions and guidance.

    • Marked as answer by Yi-Lun Luo Monday, April 11, 2011 8:56 AM
    Thursday, April 7, 2011 7:56 PM

All replies

  • Hello,

    You need to write your own ServiceAuthorizationManager. You can find more information about this subject on:
    http://msdn.microsoft.com/en-us/library/ms731774.aspx

    I recently had to implement something similar, I found this MSDN magazine also very helpfull:
    http://msdn.microsoft.com/en-us/magazine/cc948343.aspx

    Regards,
    Pieter

    Tuesday, April 5, 2011 5:54 PM
  • I changed the binding from BasicHttpBinding to WsHttpBinding, i modified the config in both wcf service and Client as follows

     <wsHttpBinding>
              <binding name="securingWSHttpBinding"  >
                <security mode ="Message">
                  <transport clientCredentialType="Windows" />
                  <message establishSecurityContext="true" />
                </security>
              </binding>
          </wsHttpBinding>

    You cannot use the establish security Context using the BasicHttpBinding ( I dont know why )

    If you do not set the establishSecurityContext ---it will be returned always as null

    Please keep in mind that you need to change the "http" links to "https" for the "WsHttpBinding"

    Once you configure the bindings

     

    if the client is hosted on a server (it will be running under "Domain\\GenuineUserName" )

    On the client side (for testing purpose on my local machine), I added the following code

    client.ClientCredentials.Windows.ClientCredential.Domain = "Domain";
    client.ClientCredentials.Windows.ClientCredential.UserName = "GenuineUserName";
    client.ClientCredentials.Windows.ClientCredential.Password = "ValidPassword";

     

    use the following code on the WCF service side to extract the user identity( In my case Domain\\userName)

    ServiceSecurityContext dc = ServiceSecurityContext.Current;( u need to add the required namespaces)

    if you look into dc=>PrimaryIdentity=>Username=>"Domain\\UserName" Yippie

    Thanks for all the valuable suggestions and guidance.

    • Marked as answer by Yi-Lun Luo Monday, April 11, 2011 8:56 AM
    Thursday, April 7, 2011 7:56 PM