I have a WPF client that talks to a WCF service using Windows Authentication.

When people are on the domain, it can pass credentials fine, but not when they are using the client over the internet.

  ClientBase.Credentials = OnNetwork ? CredentialCache.DefaultCredentials : new NetworkCredential(tbxUsername.Text, pbxPassword.SecurePassword);

What is the proper way to do this?

Robaticus
bebonham
  • If I need to add more info or anything, please let me know. I am just trying to do Windows Authentication over the internet from a WPF application – bebonham Mar 23 '12 at 14:48
  • No, that's what I'm trying to get away from... but thanks – bebonham Mar 27 '12 at 16:49
  • What kind of errors do you get? What's WCF putting out over the wire? Is it trying to do authentication at all? How far in the NTLM processing is this getting? Can you post a Fiddler or Wireshark trace? – Edward Thomson Mar 28 '12 at 20:07
  • There is no error; I get a 401 from IIS since I have Windows Authentication turned on. IIS is not able to validate me as a domain user using the credentials I am passing. – bebonham Mar 28 '12 at 23:03
  • Can you please show the relevant sections of client app.config? – Phil Degenhardt Apr 01 '12 at 22:54
  • Note that it's NT(LAN)Manager, not NT(WAN)Manager :) It's 1. deprecated 2. not designed for use on the internet – bgeschka Mar 25 '20 at 12:42

2 Answers

You may be able to use ADFS 2.0 + Windows Identity Foundation. See this: http://blogs.msdn.com/b/appfabriccat/archive/2010/12/14/ad-fs-2-0-to-secure-wcf-and-workflow-services-hosted-in-windows-server-appfabric.aspx

That article talks about a WCF service hosted in Windows Azure but you should be able to apply the same principal idea.

Jeff

I think the right solution is Windows Identity Foundation, as pointed out by @Jeff.

NTLM authentication is deprecated by Microsoft itself (see this article on MSDN). Moreover, NTLMSSP has been disabled by default since Windows Server 2008 (and later).

Anyway, to use NTLM you have to enable IWA on your IIS host; start by reading this article on Microsoft TechNet to understand how (and this one too for IIS 7).

Please check MSDN for more details, but as a quick overview you can take a look at these articles (in order of importance):

Adriano Repetti
  • Thanks, but I already have it working on IIS; that is why passing the default credentials works on the domain. I am not interested in using anything other than Windows Authentication. – bebonham Mar 30 '12 at 19:17
  • Yes, the first two links of the list should fit your case – Adriano Repetti Apr 02 '12 at 07:04
  • The first link only explains how to set up the server. I already have that working, and it must be NTLM + Windows Authentication. The second link does not show how to do it if you are not logged into the domain. This needs to work when not logged into the domain. Below is applicable server web config to clarify: – bebonham Apr 03 '12 at 14:59