Wednesday, April 7, 2010

Windows authentication in WCF


WCF stands for Windows Communication Foundation. WCF provides the functionality to create service libraries. Nowadays, everyone wants to implement their solution as a service so that anyone else can consume and use it.

For example, online payment providers such as First Data Global Gateway and PayPal offer the functionality to integrate their API with your application.

WCF is used to expose these services so that any client can consume them. Some services do not require any authorization to use, but others need authentication before they can be used. Security can be implemented in a WCF service in many ways. Common ways are listed below:

  • Windows Authentication
  • Forms Authentication (Custom Authentication)
  • Certificate-based authentication

Here I talk about using Windows authentication to secure your service. Windows authentication uses the logged-on user for authentication.

Follow the steps below to implement Windows authentication in your WCF service.
  • Create a new “WCF Service Application” project: from the File menu select “New Project”, then choose “Web” as the project type and “WCF Service Application” as the project template.
  • Update the system.serviceModel section in web.config as given below.
  • Also check that the authentication mode is “Windows”. If it is not, change it to “Windows”.
  • Open IIS and select the virtual directory.
  • In the virtual directory's properties window, select the “Directory Setting” tab and click the Edit button under “Anonymous access and authentication control”.
  • Remove anonymous access and select “Integrated Windows Authentication”.

Snippet of the updated web.config file:

<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="BasicHttpEndpointBinding">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows"/>
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="WCFWindowsBasicHttpBinding.Service1Behavior" name="WCFWindowsBasicHttpBinding.Service1">
      <endpoint address="" binding="basicHttpBinding"
                bindingConfiguration="BasicHttpEndpointBinding"
                name="BasicHttpEndpoint" contract="WCFWindowsBasicHttpBinding.IService1">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="WCFWindowsBasicHttpBinding.Service1Behavior">
        <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
        <serviceMetadata httpGetEnabled="true"/>
        <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
        <serviceDebug includeExceptionDetailInFaults="false"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>


We have specified the security mode in the binding section and bound that binding configuration to the endpoint. Also remove the “mex” endpoint from the list of endpoints.

The service is now ready to use. You can consume it from your client application. You have to pass the user's credentials before calling the WCF service. In the client application, add the following code before calling a WCF service method:


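// Create the service proxy and send the current logged-on user's Windows credentials with each call.
Service1 client = new Service1();
client.Credentials = System.Net.CredentialCache.DefaultCredentials;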


This assigns the current user's credentials to the service object. Now when you call a WCF service method, WCF will execute that method in the context of the logged-in user.

If the user doesn’t have access to this method, the WCF service will return an authentication failure exception.
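How the service side can read and authorize the Windows identity that the binding above delivers, as an added example that is not part of the original post or its download. The operations GetCallerName and GetAdminReport and the BUILTIN\Administrators group are hypothetical, and the contract shown stands in for the project template's IService1.

```csharp
// Added example, not code from the original post. GetCallerName, GetAdminReport
// and the BUILTIN\Administrators group are hypothetical, chosen for illustration.
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;

namespace WCFWindowsBasicHttpBinding
{
    [ServiceContract]
    public interface IService1
    {
        [OperationContract] string GetCallerName();
        [OperationContract] string GetAdminReport();
    }

    public class Service1 : IService1
    {
        // Any authenticated Windows user may call this operation.
        public string GetCallerName()
        {
            ServiceSecurityContext ctx = ServiceSecurityContext.Current;
            // Fail closed if the binding or IIS ever lets an anonymous caller through.
            if (ctx == null || ctx.IsAnonymous || !ctx.WindowsIdentity.IsAuthenticated)
                throw new FaultException("Caller is not authenticated.");

            // WindowsIdentity is populated from the transport-level Windows credential.
            WindowsIdentity caller = ctx.WindowsIdentity;
            return caller.Name; // Name is in DOMAIN\user form
        }

        // Only members of the named Windows group may call this operation.
        // WCF maps Windows groups to roles by default
        // (PrincipalPermissionMode.UseWindowsGroups), so a caller outside the
        // group receives an access-denied fault and the method body never runs.
        [PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Administrators")]
        public string GetAdminReport()
        {
            return "report for " + ServiceSecurityContext.Current.PrimaryIdentity.Name;
        }
    }
}
```

TransportCredentialOnly authenticates the caller over plain HTTP and does not encrypt the messages, so the role check controls who may call an operation but not who can read the response on the wire.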

You can download code from here.

1 comment:

  1. Thanks, it sounds interesting but the example doesn't work T_T. I changed the reference to the local project but it shows the following error: "La configuración de seguridad de este servicio requiere la autenticación de Windows, pero no está habilitada para la aplicación IIS que hospeda este servicio." :(


DotNet Code Guru