Integrated Security Account for a WCF Entity Framework Data Service on IIS

  • Question

  • I have a data service developed with Entity Framework 6.0.  When I am running it using IIS Express in the development environment, everything works fine using Integrated Security in my connection string in Web.config.  When I publish the data service to my live server, I have to use a connection string with username and password.

    My question is: which user account supplies the credentials when Integrated Security is used?  I have anonymous authentication turned off and Windows Authentication turned on.  My Web.config is as follows:

    <?xml version="1.0" encoding="utf-8"?>
    <!--
      Web.config for an IIS-hosted WCF application exposing two services
      (MPSDataService.ListService and MPSDataService.MileageService) over
      basicHttpsBinding with Windows transport credentials, backed by Entity
      Framework 6 connection strings to the "Dispatch" database on "aimmds".
    -->
    <configuration>
      <configSections>
        <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
        <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
      </configSections>
      <appSettings>
        <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
      </appSettings>
      <system.web>
        <!--
          NOTE(review): custom error pages are switched off here and debug
          compilation is switched on just below. Both are development settings
          that expose detailed error output to callers; review them before this
          file is published to a live server. ASP.NET documents the mode values
          as On, Off and RemoteOnly; confirm the lowercase spelling is accepted.
          No <identity impersonate="..."/> element is present in this section,
          so ASP.NET impersonation is not configured by this file.
        -->
        <customErrors mode="off"/>
        <compilation debug="true" targetFramework="4.5">
          <assemblies>
            <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
          </assemblies>
        </compilation>
        <httpRuntime targetFramework="4.5" />
      </system.web>
      <system.serviceModel>
        <behaviors>
          <serviceBehaviors>
            <!-- The empty name makes this the default behavior applied to every service below. -->
            <behavior name="">
              <!-- Publishes service metadata (WSDL) over both HTTP GET and HTTPS GET. -->
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
              <!--
                NOTE(review): includeExceptionDetailInFaults="true" returns
                server-side exception details to clients inside SOAP faults.
                Useful while debugging; an information leak on a live server.
              -->
              <serviceDebug includeExceptionDetailInFaults="true" />
              <!--
                The serviceAuthorization element below is commented out, so
                operations are not forced to impersonate the caller. Windows
                authentication on the binding identifies the caller to the
                service, but code (including SqlClient opening a connection with
                Integrated Security=True) then runs under the hosting process
                identity: the application pool identity under IIS, the
                logged-on developer account under IIS Express. That account, not
                the caller, is the one that needs a SQL Server login.
                If impersonation is enabled instead, reaching a SQL Server on a
                different machine with the caller's identity additionally
                requires Kerberos delegation (the "double hop" case).
                TODO confirm whether aimmds is a separate host.
              -->
              <!--<serviceAuthorization impersonateCallerForAllOperations="true" />-->
            </behavior>
            <!--<behavior name="DispatchDataServiceBehavior">
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
              -->
            <!--<serviceAuthorization impersonateCallerForAllOperations="true" />-->
            <!--
            </behavior>-->
          </serviceBehaviors>
        </behaviors>
        <!-- Default endpoints are mapped to HTTPS only; the default http mapping is removed. -->
        <protocolMapping>
          <remove scheme="http" />
          <add binding="basicHttpsBinding" scheme="https" />
        </protocolMapping>
        <!-- aspNetCompatibilityEnabled="true" runs the services inside the ASP.NET pipeline, so system.web settings apply to them. -->
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
        <bindings>
          <basicHttpsBinding>
            <binding name="BasicHttpsEndpointBinding">
              <!-- Transport security (TLS) with the client authenticated by Windows credentials. -->
              <security mode="Transport">
                <transport clientCredentialType="Windows" />
              </security>
            </binding>
          </basicHttpsBinding>
        </bindings>
        <services>
          <!--
            NOTE(review): each service also exposes a "mex" metadata endpoint on
            mexHttpBinding (plain HTTP), although the application endpoints are
            HTTPS only. Confirm that metadata should be published on the live
            server at all, and if so whether mexHttpsBinding is intended.
          -->
          <service name="MPSDataService.ListService">
            <endpoint address="" binding="basicHttpsBinding" bindingConfiguration="BasicHttpsEndpointBinding" name="ListServiceEndpoint" contract="MPSDataService.IListService" />
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
          </service>
          <service name="MPSDataService.MileageService">
            <endpoint address="" binding="basicHttpsBinding" bindingConfiguration="BasicHttpsEndpointBinding" name="MileageServiceEndpoint" contract="MPSDataService.IMileageService" />
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
          </service>
        </services>
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true" />
        <!--
            To browse web app root directory during debugging, set the value below to true.
            Set to false before deployment to avoid disclosing web app folder information.
          -->
        <!-- NOTE(review): the value is still "true", which contradicts the deployment guidance in the comment above. -->
        <directoryBrowse enabled="true" />
      </system.webServer>
      <connectionStrings>
        <!--
          NOTE(review): the two active entries carry a SQL login and password in
          clear text ("user" / "pw" look like placeholders substituted for the
          post). Anyone who can read this file can read the credentials; if SQL
          authentication stays, encrypt this section with Protected Configuration
          (aspnet_regiis) and restrict file ACLs.
          "Persist Security Info=True" lets the password be read back from the
          connection object after it is opened; it is not needed for normal use.
          The commented-out variants use Integrated Security=True, which
          authenticates to SQL Server as the Windows identity the code is
          running under at the time the connection is opened.
        -->
        <add name="DispatchConnectionString" connectionString="Data Source=aimmds;Initial Catalog=Dispatch;Persist Security Info=True;User ID=user;Password=pw" providerName="System.Data.SqlClient" />
        <!--<add name="DispatchConnectionString" connectionString="Data Source=aimmds;Initial Catalog=Dispatch;Persist Security Info=True;Integrated Security=True;" providerName="System.Data.SqlClient" />-->
        <!-- <add name="ASPNetConnectionString" connectionString="Data Source=aimmds;Initial Catalog=ASPNetDB;Persist Security Info=True;User ID=aspuser;Password=pw" providerName="System.Data.SqlClient" />-->
        <add name="DispatchEntities" connectionString="metadata=res://*/DispatchModel.csdl|res://*/DispatchModel.ssdl|res://*/DispatchModel.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=aimmds;initial catalog=Dispatch;persist security info=True;user id=user;password=pw;MultipleActiveResultSets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />
        <!--<add name="DispatchEntities" connectionString="metadata=res://*/DispatchModel.csdl|res://*/DispatchModel.ssdl|res://*/DispatchModel.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=aimmds;initial catalog=Dispatch;persist security info=True;Integrated Security=True;MultipleActiveResultSets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />-->
      </connectionStrings>
      <entityFramework>
        <defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
        <providers>
          <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
        </providers>
      </entityFramework>
    </configuration>

    It would seem that, since Windows Authentication is on, the service would use the authenticated user's credentials for Integrated Security.  This works on my dev box, but I think that is only because it picks up the Integrated Security credentials from my own Windows logon.  Any help with this would be greatly appreciated.


    Jim Wilcox

    Wednesday, November 6, 2013 4:37 PM