WCF Transport clientCredentialType = Ntlm

  • Question

  • I want to use NTLM to confirm the user before the service is consumed. But then for the validation, I want to use a custom validator when using the application to log in to the database. Is this possible?

    Server Config:

    <?xml version="1.0"?>
    <configuration>
      <appSettings>
        <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true"/>
      </appSettings>
      <system.web>
        <compilation debug="true" strict="false" explicit="true" targetFramework="4.5"/>
        <httpRuntime targetFramework="4.5"/>
      </system.web>
      <system.serviceModel>
        <bindings>
          <wsHttpBinding>
            <binding name="SSL" sendTimeout="00:10:00" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
              <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
              <security mode="TransportWithMessageCredential">
                <transport clientCredentialType="Ntlm" />
                <message clientCredentialType="UserName" algorithmSuite="TripleDesSha256Rsa15"/>
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>
        <services>
          <service behaviorConfiguration="CustomValidation" name="WCFService.Service1">
            <endpoint address="https://myservice/Service1.svc" binding="wsHttpBinding" contract="WCFService.IService1" bindingConfiguration="SSL"/>
            <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="CustomValidation">
              <serviceMetadata httpsGetEnabled="true"/>
              <serviceDebug httpsHelpPageEnabled="true" includeExceptionDetailInFaults="true"/>
              <serviceCredentials>
                <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFService.Verification, WCFService"/>
              </serviceCredentials>
              <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="false"/>
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
        <directoryBrowse enabled="false"/>
      </system.webServer>
    </configuration>

    App Config:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <startup>
            <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
        </startup>
        <system.serviceModel>
            <bindings>
                <wsHttpBinding>
                    <binding name="WSHttpBinding_IService1">
                        <security mode="TransportWithMessageCredential">
                            <transport clientCredentialType="None" />
                            <message clientCredentialType="UserName" algorithmSuite="TripleDesSha256Rsa15" />
                        </security>
                    </binding>
                </wsHttpBinding>
            </bindings>
            <client>
                <endpoint address="https://data.mira.co.uk/Connor/WCFService/Service1.svc"
                    binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
                    contract="ServiceReference1.IService1" name="WSHttpBinding_IService1" />
            </client>
        </system.serviceModel>
    </configuration>

    Wednesday, April 20, 2016 9:26 AM

Answers

  • Hello,

    When setting the security mode to TransportWithMessageCredential, the transport determines the actual mechanism that provides the transport-level security. For example, the HTTP protocol uses Secure Sockets Layer (SSL) over HTTP (HTTPS). Therefore, setting the ClientCredentialType property of any transport security object is ignored. In other words, you can only set the ClientCredentialType of the message security object. And the message security mode is used for the client authentication.

    For more information, please try to refer to the following article:
    #WS Transport With Message Credential:
    https://msdn.microsoft.com/en-us/library/aa354508(v=vs.110).aspx .

    Best Regards,
    Amy Peng



    Friday, April 22, 2016 2:58 AM
    Moderator
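
A configuration check for the point made in the answer above, as an added example that is not part of the original thread: it lists bindings that use TransportWithMessageCredential while still declaring a transport clientCredentialType, which the answer says is ignored. The function name and the trimmed sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the server config in the question, plus one
# Transport-only binding for contrast (hypothetical, not from the thread).
SAMPLE_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="SSL">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="Ntlm" />
            <message clientCredentialType="UserName" />
          </security>
        </binding>
        <binding name="TransportOnly">
          <security mode="Transport">
            <transport clientCredentialType="Ntlm" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>"""


def find_ignored_transport_credentials(config_xml):
    """Return (binding type, binding name, declared transport credential,
    message credential) for every binding whose transport setting is ignored."""
    root = ET.fromstring(config_xml)
    findings = []
    for bindings in root.iter("bindings"):
        for binding_type in bindings:  # e.g. <wsHttpBinding>
            for binding in binding_type.findall("binding"):
                security = binding.find("security")
                if security is None or security.get("mode") != "TransportWithMessageCredential":
                    continue  # in other modes the transport setting is not the issue here
                transport = security.find("transport")
                message = security.find("message")
                declared = transport.get("clientCredentialType") if transport is not None else None
                if declared and declared != "None":
                    # The message credential is what actually authenticates the client.
                    effective = message.get("clientCredentialType") if message is not None else None
                    findings.append((binding_type.tag, binding.get("name"), declared, effective))
    return findings


if __name__ == "__main__":
    for kind, name, declared, effective in find_ignored_transport_credentials(SAMPLE_CONFIG):
        print(f"{kind}/{name}: transport '{declared}' is ignored; client is authenticated by message '{effective}'")
```

A finding means the service is not enforcing the declared transport credential, so access decisions should rest only on the message credential and its validator.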