Home/ Questions/Q 333685
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T09:59:03+00:00

I have a WCF service deployed on another machine and I want to authenticate

  • 0

I have a WCF service deployed on another machine and I want to authenticate the client against the WCF service.

I have done the following things :

1) In IIS I have unchecked the Anonymous access and checked the “Integrated Windows Authenfication” check box.

2) My Web config

 <authentication mode="Windows" />
 <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpBind">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

3) On the client side I am passing the user credential as below:

MyServiceClient _client;

_client = new MyServiceClient();

_client.ClientCredentials.Windows.ClientCredential.UserName = "username";
_client.ClientCredentials.Windows.ClientCredential.Password = "password";
_client.ClientCredentials.Windows.ClientCredential.Domain = "mydomain";

My question is how can I trap the user name and password on the server side (where the service is deployed)?

How can I authenticate user against the credential passed?

Currently I am using basichttp binding .. is this binding good enough to support security model?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    On the server side, you can either authenticate against Active Directory using Windows credentials being passed in, or then you’ll need to use an alternate store to handle user authentication.

    You can access the caller’s identity in your server side code using:

    IIdentity caller = ServiceSecurityContext.Current.PrimaryIdentity;

    You can also check whether a Windows user called with its Windows credentials (as in your sample) by checking the 

    ServiceSecurityContext.Current.WindowsIdentity

    If it’s NULL, then no Windows credentials have been passed – otherwise you can use this Windows identity to check who is calling (name etc.) – you won’t be able to read the user’s password, though! You can check his name, what groups he belongs to, and more.

    To use Windows/Active Directory validation, set the clientCredentialType to “Windows”. You might have to switch to wsHttpBinding, or even better: netTcpBinding (if you’re on a Windows LAN behind a firewall).

    <bindings>
  <netTcpBinding>
    <binding name="WindowsSecured">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </netTcpBinding>
</bindings>

    With this, only users who are registered in your Windows domain can even call the service. Any other users will be refused without any additional work on your side.

    Once you have the Windows user calling, you can check out the ServiceSecurityContext.Current.WindowsIdentity for information about who’s calling.

    Check the MSDN docs for details on what’s available on the service security context, or the Windows identity.

    Marc

    • 0