User authentication from webHttpBinding

  • Question

  • Dear all,

    I am building a WCF service-oriented concept and I need to validate different types of authentication over the services.

    For example, I have a simple GetData method that I am accessing through IIS as a host, which is defined as below:

    public List<TestPocData> GetDataXml()
    {
        string s = System.Threading.Thread.CurrentPrincipal.Identity.Name;
        return this.GetDataJson();
    }

    When this method is hit, I am trying to catch the current Windows login user through the current principal.
    Is it possible to catch it here at this level using security binding on webHttpBinding?

    If yes, how do I configure this security? I am confused.

    Thanks for a sample

    regards

    Tuesday, September 11, 2018 7:39 AM

Answers

  • Hi wakefun,

    You need to set the client authentication to Windows credentials. Then you can catch the Windows login user.

    I have made a demo; I hope it is useful to you.

    Server-side.

    using System;
    using System.ServiceModel;
    using System.ServiceModel.Description;
    using System.ServiceModel.Web;
    using System.Threading;

    class Program
    {
        static void Main(string[] args)
        {
            Uri uri = new Uri("http://localhost:900");
            // Authenticate the caller at the HTTP layer with Windows credentials.
            WebHttpBinding binding = new WebHttpBinding();
            binding.Security.Mode = WebHttpSecurityMode.TransportCredentialOnly;
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
            ServiceHost sh = new ServiceHost(typeof(MyService), uri);
            ServiceEndpoint se = sh.AddServiceEndpoint(typeof(IService), binding, uri);
            se.EndpointBehaviors.Add(new WebHttpBehavior());
            sh.Credentials.WindowsAuthentication.IncludeWindowsGroups = true;
            sh.Open();
            Console.WriteLine("Service is ready");
            Console.ReadLine();
            sh.Close();
        }
    }

    [ServiceContract]
    public interface IService
    {
        [OperationContract]
        [WebGet]
        string SayHello();
    }

    public class MyService : IService
    {
        public string SayHello()
        {
            OperationContext oc = OperationContext.Current;
            // Name of the authenticated Windows caller (DOMAIN\user).
            string s = oc.ServiceSecurityContext.WindowsIdentity.Name;
            // You could also get the login user through the Thread class.
            //string user = Thread.CurrentPrincipal.Identity.Name;
            return "Hello Stranger";
        }
    }

    Client-side.


    Result.


    The security information of the server and client is saved in the ServiceSecurityContext of the channel. After setting the client credential to Windows/username in the transport security mode or message security mode, we can get the authentication information from the ServiceSecurityContext.

    https://docs.microsoft.com/en-us/dotnet/api/system.servicemodel.servicesecuritycontext?redirectedfrom=MSDN&view=netframework-4.7.2

    Best Regards

    Abraham
    Tuesday, September 18, 2018 2:37 AM
    Moderator
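
The following is an added example, not code from the original post: it hosts the same kind of Windows-authenticated webHttpBinding endpoint, has the operation verify and authorize the caller before returning the identity, and calls it from a client that sends the current logon credentials. The names IWhoAmI, WhoAmIService and Demo are hypothetical, and the choice of the built-in Users group as the required role is an assumption made for illustration.

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Web;

[ServiceContract]
public interface IWhoAmI { [OperationContract, WebGet] string WhoAmI(); }

public class WhoAmIService : IWhoAmI   // hypothetical service, for illustration only
{
    public string WhoAmI()
    {
        // Current is null when the binding performs no authentication at all.
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous || !ctx.WindowsIdentity.IsAuthenticated)
            throw new WebFaultException(HttpStatusCode.Unauthorized);

        // Authorize on group membership of the authenticated token rather than
        // comparing the name string. The Users group is an assumed requirement.
        var principal = new WindowsPrincipal(ctx.WindowsIdentity);
        if (!principal.IsInRole(WindowsBuiltInRole.User))
            throw new WebFaultException(HttpStatusCode.Forbidden);
        return ctx.WindowsIdentity.Name;
    }
}

static class Demo
{
    static void Main()
    {
        var uri = new Uri("http://localhost:900");
        var binding = new WebHttpBinding(WebHttpSecurityMode.TransportCredentialOnly);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

        using (var host = new ServiceHost(typeof(WhoAmIService), uri))
        {
            ServiceEndpoint endpoint = host.AddServiceEndpoint(typeof(IWhoAmI), binding, uri);
            endpoint.EndpointBehaviors.Add(new WebHttpBehavior());
            host.Open();

            // Client side: answer the server's challenge with the caller's own logon.
            using (var client = new WebClient { UseDefaultCredentials = true })
                Console.WriteLine(client.DownloadString(new Uri(uri, "WhoAmI")));
        }
    }
}
```

TransportCredentialOnly authenticates the caller but leaves the HTTP traffic itself unencrypted; WebHttpSecurityMode.Transport on an https:// address keeps the same credential type and adds TLS.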

All replies

  • Hi, thanks for your reply.

    Will it be the same for basicHttpBinding?

    What is the difference between having security set on message or Transport level?

    I have tried message using custom user name and password for instance, and it seems we need to use a Certificate according to the example I see.

    Can you confirm or not?

    regards

    Tuesday, September 18, 2018 7:06 AM