WCF windows authentication

Question

I would like our WCF service to return the the current logged in user's name. I am calling this in my service,

HttpContext.Current.User.Identity.Name

However, I don't want the user to be shown a NT challenge when my silverlight application makes a call to the WCF service. Currently I disabled anonymous access and enabled integrated authentication however, due to this I am not able to add the service to my service reference in VS2010. How do I do it? Also what should be the web.config settings for the WCF service. I am currently using basicHttpBinding with security mode set to None.

Adding Web.config: Server:

<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<behaviors>
<serviceBehaviors>
<behavior name="MyService.MyServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_MyService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" receiveTimeout="00:40:00" openTimeout="00:40:00" closeTimeout="00:40:00" sendTimeout="00:40:00">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
<security mode="None"/>
</binding>
</basicHttpBinding>
<customBinding>
<binding name="MyService.MyService.customBinding0">
<binaryMessageEncoding/>
<httpTransport/>
</binding>
</customBinding>
</bindings>
<services>
<service behaviorConfiguration="MyService.MyServiceBehavior" name="MyService.MyService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService" name="BasicHttpBinding_MyService" contract="MyService.IMyService"/>
</service>
</services>
</system.serviceModel>

Client:

<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/> 
<behaviors>
<serviceBehaviors>
<behavior name="MyService_Behavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceMetadata httpGetEnabled="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="r1">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_MyService" closeTimeout="00:03:00" openTimeout="00:03:00" receiveTimeout="00:10:00" sendTimeout="00:03:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<security mode="None"/>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:8080/MyService/MyService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyService" contract="MyService.IMyService" name="BasicHttpBinding_MyService" behaviorConfiguration="r1"/>
</client>
</system.serviceModel>

I have disabled Anonymous access and enabled integrated windows authentication — Kev, Mar 09 '11 at 06:45
could you add the web.config for server and client to the question? — Iain, Mar 09 '11 at 09:04
Refer http://stackoverflow.com/questions/9588265/understanding-wcf-windows-authentication for getting some perspective on windows authentication — LCJ, Oct 24 '12 at 05:46

score 0 · Answer 1 · edited Jun 09 '14 at 08:56

Try adding the following, endpoint behavior to you end point, with the psudo client config below

<behaviors>
    <endpointBehaviors>
        <behavior name="WindowsBehavior">
            <clientCredentials>
                <windows allowNtlm="false" allowedImpersonationLevel="Delegation"></windows>
            </clientCredentials>
            <dataContractSerializer maxItemsInObjectGraph="4194304"></dataContractSerializer>
        </behavior>
    </endpointBehaviors>
</behaviors>


<endpoint address="http://server/web.svc" behaviorConfiguration="WindowsBehavior" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Service" contract="IMyContract" name="BasicHttpBinding_Service">

score 0 · Answer 2 · answered Mar 10 '11 at 20:47

you need to enable windows authentiacation in the service binding config. i.e. reference this binding cinfig in you binding definition section

<bindings>
      <basicHttpBinding>
          <binding name="basicBindingCfg">
              <security mode="TransportCredentialOnly">
                  <transport clientCredentialType="Windows" />
              </security>
          </binding>
      </basicHttpBinding>
  </bindings>

also in you web config you need to set windows authentication

and allow users using the authorization tag:

   <authentication mode="Windows"/>
   <authorization>
        <allow roles="<NT group>"/>
        <allow users="<user name>"/>
        <deny users="*"/>
    </authorization>

WCF windows authentication

2 Answers2