WCF single sign-on example?

  • Question

  • Hi,

    We have a .NET v3.5 win form -> WCF -> database architecture.  Users enter a (domain) username/pass when they log in.  We pass this username/pass through WCF as credentials with a proxy set to BasicHttpMessageCredentialType.UserName.   We use <security mode="TransportWithMessageCredential"> (SSL).   When the call is made, WCF authenticates the username against the domain (before it calls our server code).

    (1) If we want to give our customer an option of using SSL or not SSL, is this possible?   I think that WCF requires SSL if you're sending a username.  Is there another way I can authenticate the signed-on user?
    (2) If we want to use single sign-on, how do I do this? Is there a (very simple) example code somewhere I can look at?  Is there a way to configure WCF to do this automatically (to set the binding for this)?

    Thanks!
    Wednesday, August 5, 2009 12:21 AM

Answers

  • Hi,

    We have a .NET v3.5 win form -> WCF -> database architecture.  Users enter a (domain) username/pass when they log in.  We pass this username/pass through WCF as credentials with a proxy set to BasicHttpMessageCredentialType.UserName.   We use <security mode="TransportWithMessageCredential"> (SSL).   When the call is made, WCF authenticates the username against the domain (before it calls our server code).

    (1) If we want to give our customer an option of using SSL or not SSL, is this possible?   I think that WCF requires SSL if you're sending a username.  Is there another way I can authenticate the signed-on user?
    (2) If we want to use single sign-on, how do I do this? Is there a (very simple) example code somewhere I can look at?  Is there a way to configure WCF to do this automatically (to set the binding for this)?

    Thanks!

    Hi,
    1) You cannot, if you set a message credential for the WCF service. For SSL, you must supply a certificate for the client and server.
    WCF uses a certificate to implement SSL. As far as I know, you can use Windows Authentication without setting a certificate.
    2) For SSO, WCF does not support it. You should implement it with other technology. You can store user authentication information in a database or other media and get it when you need it. I know that BizTalk has a service for SSO; you can take it as a reference.
    regards,


    Frank Xu Lei -- Humble as if foolish, eager to learn as if hungry
    Focus on Distributed Applications Development and EAI based on .NET
    Welcome to My Chinese Technical Blog
    Welcome to Microsoft Chinese WCF Forum
    Welcome to Microsoft English WCF Forum
    Wednesday, August 5, 2009 4:43 AM
  • Hi Steve,

    For your two questions:

    (1) If we want to give our customer an option of using SSL or not SSL, is this possible?   I think that WCF requires SSL if you're sending a username.  Is there another way I can authenticate the signed-on user?
    ========================
    I think it is better to open two separate endpoints (using the same serviceContract), one using SSL while the other doesn't (it can use message-layer security or even a custom binding without security at the transport layer).

    (2) If we want to use single sign-on, how do I do this? Is there a (very simple) example code somewhere I can look at?  Is there a way to configure WCF to do this automatically (to set the binding for this)?
    =========================
    As Frank mentioned, WCF doesn't provide out-of-the-box SSO support; however, there are some extension points in WCF which can help implement SSO-like features. Here is a blog entry introducing WCF Federation which can help:

    #Single Sign-On scenarios with Federation
    http://weblogs.asp.net/cibrax/archive/2008/02/11/single-sign-on-scenarios-with-federation.aspx

    Monday, August 10, 2009 10:25 AM
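
The two-endpoint layout suggested in the answer above, extended with the Windows-credential option mentioned in the first answer, as an added service configuration that is not from the thread or its participants. The service and contract names, the addresses and the certificate subject are hypothetical placeholders.

```xml
<!-- Added example; names, addresses and certificate subject are hypothetical. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- Setup from the question: SSL transport, UserName carried in the message -->
      <binding name="sslUserName">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </basicHttpBinding>
    <wsHttpBinding>
      <!-- No SSL: message is signed/encrypted; caller is the logged-on Windows user -->
      <binding name="messageWindows">
        <security mode="Message">
          <message clientCredentialType="Windows" />
        </security>
      </binding>
      <!-- No SSL, username/password: needs the service certificate configured below -->
      <binding name="messageUserName">
        <security mode="Message">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <service name="Example.OrderService" behaviorConfiguration="creds">
      <endpoint address="https://server.example/orders/ssl" binding="basicHttpBinding"
                bindingConfiguration="sslUserName" contract="Example.IOrderService" />
      <endpoint address="http://server.example/orders/windows" binding="wsHttpBinding"
                bindingConfiguration="messageWindows" contract="Example.IOrderService" />
      <endpoint address="http://server.example/orders/username" binding="wsHttpBinding"
                bindingConfiguration="messageUserName" contract="Example.IOrderService" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="creds">
        <serviceCredentials>
          <serviceCertificate findValue="server.example" x509FindType="FindBySubjectName"
                              storeLocation="LocalMachine" storeName="My" />
          <userNameAuthentication userNamePasswordValidationMode="Windows" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```

On the Windows endpoint the client proxy sends the identity of the logged-on user without prompting for a password, and the service can read it from `ServiceSecurityContext.Current.WindowsIdentity`.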
