Thursday, July 26, 2012

Using WCF with windows authentication with an intranet ASP.Net website

Scenario:
You want to use windows authentication to protect a WCF service and the client is an ASP.Net intranet website (and has Windows Authentication turned on).

Steps:
Create your WCF webservice website (I am assuming that the web-service website is different from the intranet website).

Enable Windows Authentication for the site.

image

For the purposes of testing create a service method that returns the user info:

public string GetUserInfo()         
{
             string userinfo = string.Empty;
             var windowsIdentity = ServiceSecurityContext.Current.WindowsIdentity;
             if (windowsIdentity != null)
                 userinfo = windowsIdentity.Name;
             return userinfo;        
}

Setup the web.config for the service so that the end point uses basicHttpBinding with a configuration where the security mode is set to “TransportCredentialOnly” and the Transport’s clientCredentialType is set to windows. Here is what it will look like:

<system.serviceModel>
     <services>
       <service name="WcfService1.Service1">
         <endpoint address="Service1.svc" binding="basicHttpBinding" bindingConfiguration="basicHttpBindingConfiguration" contract="WcfService1.IService1" />
       </service>
     </services>
     <bindings>
       <basicHttpBinding>
         <binding name="basicHttpBindingConfiguration">
           <security mode="TransportCredentialOnly">
             <transport clientCredentialType="Windows" />
           </security>
         </binding>
       </basicHttpBinding>
     </bindings>
     <behaviors>
       <serviceBehaviors>
         <behavior>
           <serviceMetadata httpGetEnabled="true"/>
           <serviceDebug includeExceptionDetailInFaults="true"/>
         </behavior>
       </serviceBehaviors>
     </behaviors>
     <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />   </system.serviceModel>

Create your ASP.Net website (which will act as a client to your web-service). Set its authentication mode to “Windows” and make sure that you set "identity impersonate” to true.

image

Now add a reference to your web-service.

In your web.config make sure that the security mode is set to “TransportCredentialOnly” and the Transport’s clientCredentialType is set to windows. Here is an example:

<system.serviceModel>
     <bindings>
       <basicHttpBinding>
         <binding name="BasicHttpBinding_IService1">
           <security mode="TransportCredentialOnly">
             <transport clientCredentialType="Windows"/>
           </security>
         </binding>
       </basicHttpBinding>
     </bindings>
     <client>
       <endpoint address="http://xxxxxx/Service1.svc/Service1.svc"         binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1"         contract="ServiceReference1.IService1" name="BasicHttpBinding_IService1" />
     </client>
   </system.serviceModel>

That should be it. When you call “GetUserInfo”, you should get the name of the user that is accessing the asp.Net website.

No comments:

Post a Comment

Remember, if you want me to respond to your comment, then you need to use a Google/OpenID account to leave the comment.