
My question is similar to WCF Service, Windows Authentication (and others addressing the same problem with similar solutions), but I also need reliable sessions, which are not supported by "basicHttpBinding" as suggested in the answer to that question.

I want to briefly explain my scenario: The user uses a WinForms application that connects to a WCF service hosted on IIS, and the WCF service connects to MS SQL Server (which the user is granted access to). The user is a domain user and both IIS and SQL Server are inside the same domain. For test purposes, I created a small ASP.NET web page that outputs "Thread.CurrentPrincipal.Identity.Name". If I turn on Windows authentication in IIS, I can see my user name, so I can be sure that Windows authentication works with IIS.

Once I turn on Windows authentication in IIS for the WCF service, I get an error when creating the service reference in Visual Studio, stating that WSHttpBinding doesn't support reliable sessions over HTTPS (although I use HTTP). It says something like "The channel factory or service host cannot be opened." (Unfortunately, I have non-English versions of all software so I have to try to translate it). I have tried various configurations now and ended up with the following Web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
    <add key="ClientSettingsProvider.ServiceUri" value="" />
  </appSettings>
  <system.web>
    <compilation debug="true" />
    <membership defaultProvider="ClientAuthenticationMembershipProvider">
      <providers>
        <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />
      </providers>
    </membership>
    <roleManager defaultProvider="ClientRoleProvider" enabled="true">
      <providers>
        <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86400" />
      </providers>
    </roleManager>
  </system.web>
  <!-- When deploying the service library project, the content of the config file must be added to the host's 
  app.config file. System.Configuration does not support config files for libraries. -->
  <system.serviceModel>
    <protocolMapping>
      <add scheme="http" binding="wsHttpBinding" bindingConfiguration="WsHttpEndpointBinding" />
    </protocolMapping>
    <bindings>
      <wsHttpBinding>
        <binding name="WsHttpEndpointBinding">
          <reliableSession enabled="true" inactivityTimeout="00:59:59" />
          <security mode="Transport">
            <transport clientCredentialType="Windows">
              <extendedProtectionPolicy policyEnforcement="Never" />
            </transport>
            <message establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="ES.Reporting.RepWbService.RepWbMain">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="WsHttpEndpointBinding" contract="ES.Reporting.RepWbService.IRepWbMain">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:8733/Design_Time_Addresses/RepWbService/MainRepWbService/" />
          </baseAddresses>
          <!--<timeouts closeTimeout="00:01:00" />-->
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, 
          set the values below to "false" before deployment. -->
          <serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
          <!-- To receive exception details in faults for debugging purposes, 
          set the value below to "true". Set it to "false" before deployment 
          to avoid disclosing exception information. -->
          <serviceDebug includeExceptionDetailInFaults="True" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

Anyone who has an idea how to configure the service so it works like I intended?

EDIT: Although I have set up the virtual directory in IIS for anonymous authentication and neither digest authentication nor Windows authentication is enabled, I get my username for Thread.CurrentPrincipal.Identity.Name in the WCF service (but "DefaultAppPool" in Environment.UserName). Maybe there's a method of forwarding that user when connecting to SQL Server?

Michael Kremser

0 Answers