I am new to WCF, but our organization wants me to develop a single WCF service which will be used by our organization's employees as well as outside customers.

The WCF service will be hosted on a PC in our organization, which will be accessible from our organization's LAN as well as over the internet.

Our IT head wants that when our employees use the service they will pass their Windows authentication credentials, and when a 3rd party customer accesses it they will pass their user name & password, which will be validated against the database.

Now my concern is how to design my service so that it can identify our employees and 3rd party users.

How do I write the authentication code so that when a request comes from our domain I will not validate the user credentials, and when a request comes from a 3rd party the request will be validated against the database?

Just give me a small code snippet which guides me in writing the code for authentication. The authentication routine will detect where the request comes from...

Does the request come from our domain or from a 3rd party user? If 3rd party, then validate the user credentials against the database.

UPDATE

@Michal Ciechan: hi, thanks for the reply.

I understood that I have to set up two different bindings. One will be used by our domain users and the other by outside users.

I want to design my service so that it will have a validate method, which will validate the user against the domain or the database.

The service will accept a user id & password from whoever consumes the service, and the validate method will just have the logic to detect whether the user is from our domain; if yes, then it will validate the user against the domain, and if the user is from outside then it will validate the user credentials against the database.

Here I am giving a small service client code sample just to show how people will send credentials to the service:

private static void Main(string[] args)
{
     var client = new WcfServiceClient();
     client.ClientCredentials.UserName.UserName = username;
     client.ClientCredentials.UserName.Password = password;
     if(client.IsValid())
     {
          Console.Write(client.GetData(1));
     }
     client.Close();
     Console.Read();
}

So now guide me on how to design my service and also the IsValid function, which can detect the user type (whether the user is from our domain or from outside) and validate accordingly.

My question is how the client code will look in my case: how to pass domain user credentials to the service and how to pass outside user credentials to the service. Please guide me. Thanks.

John Saunders
Thomas
  • Is there somehow a user interface involved? – Youp Bernoulli Mar 31 '14 at 14:09
  • The service client can be a Windows form or web form, etc. – Thomas Mar 31 '14 at 14:12
  • http://www.codeproject.com/Articles/36289/steps-to-enable-windows-authentication-on-WCF-Ba might help you... – Youp Bernoulli Mar 31 '14 at 14:16
  • I have edited your title. Please see, "[Should questions include “tags” in their titles?](http://meta.stackexchange.com/questions/19190/)", where the consensus is "no, they should not". – John Saunders Apr 01 '14 at 08:51
  • By user in your domain, do you mean the username is in Active Directory? Or do you mean the computer is on the same network as the server (LAN/VPN)? – Michal Ciechan Apr 01 '14 at 12:20
  • The user name is in the domain, but there could be multiple domains in the organization, so when a user accesses WCF from any of our domains we need to validate that user too. – Thomas Apr 01 '14 at 13:43
  • @Michal: can you point me to any article which discusses my situation and from where I can get the full code? My situation means one type of user logs in to the service from the domain with Windows auth and another type from outside just logs in to the service with a valid user id & name. – Thomas Apr 01 '14 at 13:46
  • @Thomas please see http://msdn.microsoft.com/en-us/library/aa702565(v=vs.110).aspx – Michal Ciechan Apr 01 '14 at 13:49
  • And in your authenticator, first attempt to authenticate against active directory, and then if that fails, validate against database – Michal Ciechan Apr 01 '14 at 13:51
  • For active directory see http://stackoverflow.com/questions/290548/validate-a-username-and-password-against-active-directory – Michal Ciechan Apr 01 '14 at 13:51

1 Answer

Expose different bindings.

For employees, use netTcpBinding.

For clients, use an HTTP-based binding.

You can change security settings on each binding individually.

For custom username + password authentication, you can implement UserNamePasswordValidator.

See How to: Use a Custom User Name and Password Validator

Sample Configuration:

<bindings>
  <netTcpBinding>
    <binding name="SecureService_Tcp">
      <!-- … -->
      <security mode="Transport">
        <transport clientCredentialType="Windows"
                   protectionLevel="EncryptAndSign" />
        <message clientCredentialType="Windows" />
      </security>
    </binding>
  </netTcpBinding>
  <wsHttpBinding>
    <binding name="SecureService_WsHttp">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
Michal Ciechan
  • Maybe I could use different bindings, but I will have one authentication method, and from there how could I detect which user comes from our domain and which one is a 3rd party user? If 3rd party, then I need to validate the user credentials against the database. You missed mentioning how to detect the user type? – Thomas Mar 31 '14 at 14:20
  • You said: "You can change security settings on each binding individually". It is not clear to me what you tried to say. Explain in more detail. Thanks – Thomas Mar 31 '14 at 14:21
  • WCF will validate it for you; if you want to use custom UserName/Password validation, you can use a behaviour. – Michal Ciechan Mar 31 '14 at 14:21
  • And if your client is connecting via TCP (on the LAN, as you wouldn't be exposing the TCP ports to the Internet) they will automatically be authenticated. – Michal Ciechan Mar 31 '14 at 14:23
  • @Thomas Please read: http://msdn.microsoft.com/en-us/library/ms733836(v=vs.110).aspx – Michal Ciechan Mar 31 '14 at 14:27
  • You specify how you want to authenticate the users coming from TCP(Employees) binding (None/Windows/Username/Certificate/etc) and you also specify how you authenticate users coming from Http(Public) binding. Look at the and for TCP you can also use – Michal Ciechan Mar 31 '14 at 14:29
  • Please have a look at the updated portion of my question. Thanks – Thomas Apr 01 '14 at 08:49
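
An added example, not part of the original answer or its comments: a custom UserNamePasswordValidator for the UserName (wsHttpBinding) endpoint, plus a helper a service operation can call to tell Windows-authenticated callers from validator-authenticated ones. The `Demo` namespace and assembly name, the class and method names, the in-memory `Store` (a constructed stand-in for the customer table) and the PBKDF2 parameters are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Principal;
using System.ServiceModel;
// Enabled for UserName credentials in the service behavior's <serviceCredentials>:
//   <userNameAuthentication userNamePasswordValidationMode="Custom"
//       customUserNamePasswordValidatorType="Demo.CustomerValidator, Demo" />
namespace Demo // hypothetical namespace and assembly name
{
    public class CustomerValidator : UserNamePasswordValidator
    {
        // Constructed stand-in for the customer table: user -> (salt, PBKDF2 hash).
        public static readonly Dictionary<string, Tuple<byte[], byte[]>> Store =
            new Dictionary<string, Tuple<byte[], byte[]>>(StringComparer.OrdinalIgnoreCase);

        public static byte[] Hash(string password, byte[] salt)
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000))
                return kdf.GetBytes(32);
        }
        // Stores only a random salt and the derived hash, never the password.
        public static void Enroll(string user, string password)
        {
            var salt = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
            Store[user] = Tuple.Create(salt, Hash(password, salt));
        }
        // WCF calls this for every message that carries UserName credentials.
        public override void Validate(string userName, string password)
        {
            Tuple<byte[], byte[]> rec;
            bool ok = userName != null && password != null
                && Store.TryGetValue(userName, out rec)
                && FixedTimeEquals(Hash(password, rec.Item1), rec.Item2);
            // Same error for an unknown user and a wrong password.
            if (!ok) throw new SecurityTokenException("Invalid user name or password.");
        }
        static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            int diff = a.Length ^ b.Length;
            for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
        // Inside a service operation: true when the caller used Windows credentials.
        public static bool IsWindowsCaller() =>
            ServiceSecurityContext.Current?.PrimaryIdentity is WindowsIdentity;
    }
}
```

The validator runs only for endpoints whose binding asks for UserName credentials, so requests arriving on the Windows-authenticated netTcpBinding endpoint never reach it.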