0

The System: Client - Server application. The client is a WPF application which communicates via WCF with the server. With the login-method of the server (user table) the client gets a session ID which will be used for further communication. So, each user has to enter a valid user and password.

What I want to achieve: If an AD-User starts the WPF application, no login should show up. The client sends the "AD credentials" to the server, it checks the credentials of the AD user and finds a mapping to the local user table. With this information the client gets the session ID.

I have found several approaches, e.g. https://learn.microsoft.com/en-us/dotnet/framework/security/building-my-first-claims-aware-wcf-service, but I don't really know how to start.

rbrayb
Harald

1 Answer

0

If you set up your WCF to have "Windows Authentication", then if a call reaches your service, it means that:

(1) The user calling the service is a valid Windows user

(2) You can determine the Windows user calling your service (without depending on the data from the client)

Then you can use this user ID for further processing.

The following gives more details on this:

(1) Understanding WCF Windows Authentication

The above explains the WCF service

(2) WCF Service, Windows Authentication

(3) https://learn.microsoft.com/en-us/dotnet/framework/wcf/how-to-secure-a-service-with-windows-credentials

The official MS documentation.

Subbu
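The flow discussed above (Windows-authenticated call, lookup in the local user table, session ID returned), as an added sketch that is not code from the question or the answer. The contract and class names, the SID-keyed dictionary standing in for the user table, and the choice of `NetTcpBinding` are assumptions; the page does not say which binding the application uses.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface ISessionService                 // hypothetical contract name
{
    [OperationContract]
    string LoginWithWindowsIdentity();           // deliberately takes no user name or password
}

public class SessionService : ISessionService
{
    // Constructed stand-in for the local user table: AD account SID -> local user id.
    static readonly Dictionary<string, int> AdSidToLocalUser = new Dictionary<string, int>
    {
        { "S-1-5-21-1111111111-2222222222-3333333333-1001", 42 }   // constructed sample row
    };
    // Session ids issued by this service, kept server-side.
    static readonly ConcurrentDictionary<string, int> Sessions = new ConcurrentDictionary<string, int>();

    public string LoginWithWindowsIdentity()
    {
        // The identity comes from the authenticated channel, never from client-supplied data.
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        WindowsIdentity caller = (ctx == null || ctx.IsAnonymous) ? null : ctx.WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated || caller.User == null)
            throw new FaultException("Windows authentication is required.");

        int localUserId;
        // Map by SID rather than DOMAIN\name: the SID survives account renames.
        if (!AdSidToLocalUser.TryGetValue(caller.User.Value, out localUserId))
            throw new FaultException("No local user is mapped to this Windows account.");

        byte[] token = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(token);
        string sessionId = Convert.ToBase64String(token);   // unguessable session id
        Sessions[sessionId] = localUserId;
        return sessionId;
    }

    // One binding that enforces Windows credentials; client and host must both use it.
    public static NetTcpBinding CreateBinding()
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        return binding;
    }
}
```

Because the operation has no credential parameters, a client cannot claim to be another AD user by changing what it sends; an AD account with no mapped row gets a fault and can fall back to the existing user/password login.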