
May 1, 2012

Pass Windows authentication to a WCF service hosted using basicHttpBinding

I came across this scenario while accessing CRM data through a WCF service. I can't use an impersonated user because it breaches my data security. I need to pass the Windows credential to get specific data based on the user's roles and privileges. This can be achieved with a few WCF configuration settings and the way we call the WCF service:

1. Configuration with WCF service

   <system.serviceModel>
     <bindings>
       <basicHttpBinding>
         <binding name="BasicHttpEndpointBinding">
           <security mode="TransportCredentialOnly">
             <transport clientCredentialType="Windows" />
           </security>
         </binding>
       </basicHttpBinding>
     </bindings>
     <services>
       <service behaviorConfiguration="MyServiceTypeBehaviors" name="WcfService1.Service1">
         <endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding" name="BasicHttpEndpoint" contract="WcfService1.IService1">
           <identity>
             <dns value="localhost" />
           </identity>
         </endpoint>
         <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
       </service>
     </services>
     <behaviors>
       <serviceBehaviors>
         <behavior name="MyServiceTypeBehaviors">
           <serviceMetadata httpGetEnabled="true" />
         </behavior>
       </serviceBehaviors>
     </behaviors>
   </system.serviceModel>

2. Calling WCF service

// Requires: using System.ServiceModel;
// The client binding must match the service: Windows credentials over plain HTTP.
BasicHttpBinding basicHttpBinding = new BasicHttpBinding();
basicHttpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
EndpointAddress endpoint = new EndpointAddress("http://localhost:50613/Service1.svc");
ServiceReference1.Service1Client client = new ServiceReference1.Service1Client(basicHttpBinding, endpoint);
// Identification: the service can identify the caller but cannot impersonate them.
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Identification;
// Send the credentials of the currently logged-on Windows user.
client.ChannelFactory.Credentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
client.GetData(10);

3. Hosting the service in IIS with Anonymous Authentication and Windows Authentication both set to true
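
How the service side can read and check the caller's Windows identity once the three steps above are in place, as an added example that is not part of the original post or its sample code. The `GetData(int)` signature, the group name `CONTOSO\CrmReaders` and the message strings are assumptions.

```csharp
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Security;

namespace WcfService1
{
    [ServiceContract]
    public interface IService1
    {
        [OperationContract]
        string GetData(int value); // assumed signature; the post only shows client.GetData(10)
    }

    public class Service1 : IService1
    {
        // Hypothetical Windows group used for the role check.
        private const string RequiredGroup = @"CONTOSO\CrmReaders";

        public string GetData(int value)
        {
            WindowsIdentity caller = GetWindowsCaller();
            // Group membership can be checked with an Identification-level token.
            if (!new WindowsPrincipal(caller).IsInRole(RequiredGroup))
            {
                throw new SecurityAccessDeniedException("Caller is not in the required group.");
            }
            return string.Format("{0} requested {1}", caller.Name, value);
        }

        // Returns the authenticated Windows identity of the caller, or rejects the call.
        private static WindowsIdentity GetWindowsCaller()
        {
            ServiceSecurityContext context = ServiceSecurityContext.Current;
            // Current is null when the binding carried no security at all.
            if (context == null || context.IsAnonymous)
            {
                throw new SecurityAccessDeniedException("Windows authentication is required.");
            }
            WindowsIdentity identity = context.WindowsIdentity;
            if (identity == null || !identity.IsAuthenticated || identity.IsGuest)
            {
                throw new SecurityAccessDeniedException("Caller identity is not authenticated.");
            }
            return identity;
        }
    }
}
```

Because the client sets `AllowedImpersonationLevel` to `Identification`, the service can name the caller and test group membership but cannot access resources as that user.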


You can refer to the sample code here.