WCF Windows Authentication - How to?

vpabloortiz

Hi everyone,

I have a simple requirement to create a web service and be able to
determine the identities of clients connecting to it (i.e. if I'm
logged in as Me@domain and I call some method on the service, the
service should be able to grab this info and perform some custom
authentication, perhaps look up "Me@domain" in a database table). The
problem I'm having is that when I debug a call on the service and look
at the Thread.CurrentThread's identity information, all I see is the
NETWORK SERVICE account name rather than the identity of the caller.
It was my impression that the calls would be serviced under the
context of the calling client, so I must have something set up wrong.
Can anyone lend a hand? This is what I've done:

WCF SERVICE
===========
1) In the constructor I execute the following line of code:

AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);

2) In the Web.config, I've set the binding to netTcpBinding, which uses
transport level security and Windows Auth by default

<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <services>
      <service behaviorConfiguration="MyServiceBehavior"
               name="MyOwnService.MyOwnService">
        <endpoint address="" binding="netTcpBinding"
                  bindingConfiguration="MyTestBinding"
                  contract="MyOwnService.IMyOwnService">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexTcpBinding"
                  contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="net.tcp://localhost:49910/MyOwnService/" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <bindings>
      <netTcpBinding>
        <!-- No <security> element, so the netTcpBinding defaults apply -->
        <binding name="MyTestBinding" />
      </netTcpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyServiceBehavior">
          <serviceMetadata httpGetEnabled="false" />
          <!-- Returns exception details to callers; a debugging setting -->
          <serviceDebug includeExceptionDetailInFaults="True" />
          <dataContractSerializer maxItemsInObjectGraph="2147483647" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
  <system.web>
    <compilation debug="true" />
  </system.web>
</configuration>

WINDOWS SERVICE
================
Since I'm using netTcpBinding, I can't host it in IIS versions < 7.0,
so I chose to host it in a windows service, which I've set up to run
under the NETWORK SERVICE account.

CLIENT
=====
The client's app.config is generated via svcutil, and is as follows:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding name="NetTcpBinding_MyOwnService"
                 closeTimeout="00:01:00" openTimeout="00:01:00"
                 receiveTimeout="00:10:00" sendTimeout="00:01:00"
                 transactionFlow="false" transferMode="Buffered"
                 transactionProtocol="OleTransactions"
                 hostNameComparisonMode="StrongWildcard" listenBacklog="10"
                 maxBufferPoolSize="10524288"
                 maxReceivedMessageSize="2147483647" maxConnections="10">
          <readerQuotas maxDepth="2147483647"
                        maxStringContentLength="2147483647"
                        maxArrayLength="2147483647"
                        maxBytesPerRead="2147483647"
                        maxNameTableCharCount="2147483647" />
          <reliableSession ordered="true"
                           inactivityTimeout="00:10:00"
                           enabled="false" />
          <!-- Transport security with Windows credentials, signed and encrypted -->
          <security mode="Transport">
            <transport clientCredentialType="Windows"
                       protectionLevel="EncryptAndSign" />
            <message clientCredentialType="Windows" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <client>
      <endpoint address="net.tcp://localhost:49910/MyOwnService/"
                binding="netTcpBinding"
                bindingConfiguration="NetTcpBinding_MyOwnService"
                contract="MyOwnServiceReference.MyOwnService"
                name="NetTcpBinding_MyOwnService">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
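
Inside a WCF operation, the identity that the transport authenticated for the call is exposed through ServiceSecurityContext, separately from the account the host process runs as. The following is an added example, not code from the original post: the WhoAmI operation and the AllowedCallers set (standing in for the database table the post mentions) are hypothetical.

```csharp
// Added example, not the poster's code. WhoAmI and AllowedCallers are hypothetical.
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Security;

namespace MyOwnService
{
    [ServiceContract]
    public interface IMyOwnService
    {
        [OperationContract]
        string WhoAmI(); // hypothetical operation
    }

    public class MyOwnService : IMyOwnService
    {
        // Constructed sample data standing in for the database lookup.
        private static readonly HashSet<string> AllowedCallers =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase) { @"DOMAIN\Me" };

        public string WhoAmI()
        {
            // Security context of the current call; null when no security is in effect.
            ServiceSecurityContext ctx = ServiceSecurityContext.Current;
            if (ctx == null || ctx.IsAnonymous)
                throw new SecurityAccessDeniedException("Caller is not authenticated.");

            // Windows account the client authenticated as, in DOMAIN\user form.
            string caller = ctx.WindowsIdentity.Name;

            // Account of the hosting process; it matches the caller only
            // while the operation is impersonating.
            string host = WindowsIdentity.GetCurrent().Name;

            // Authorize on the authenticated name before doing any work.
            if (!AllowedCallers.Contains(caller))
                throw new SecurityAccessDeniedException("Caller is not authorized.");

            return "caller=" + caller + "; host=" + host;
        }
    }
}
```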
 
> Hi everyone,
>
> I have a simple requirement to create a web service and be able to
> determine the identities of clients connecting to it (i.e. if I'm
> logged in as Me@domain and I call some method on the service, the
> service should be able to grab this info and perform some custom
> authentication, perhaps look up "Me@domain" in a database table). The
> problem I'm having is that when I debug a call on the service and look
> at the Thread.CurrentThread's identity information, all I see is the
> NETWORK SERVICE account name rather than the identity of the caller.
> It was my impression that the calls would be serviced under the
> context of the calling client, so I must have something set up wrong.
> Can anyone lend a hand? This is what I've done:
>
> WCF SERVICE
> ===========
> 1) In the constructor I execute the following line of code:
>
> AppDomain.CurrentDomain.SetPrincipalPolicy(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);
>
> 2) In the Web.config, I've set the binding to netTcpBinding, which uses
> transport level security and Windows Auth by default

Why is the Web.config not set to wsHTTPBindings? Is this or is this not WCF
Web Service?
Is this IIS 7 or not?

> WINDOWS SERVICE
> ================
> Since I'm using netTcpBinding, I can't host it in IIS versions < 7.0,
> so I chose to host it in a windows service, which I've set up to run
> under the NETWORK SERVICE account.

What is hosting WCF is it a Windows service or IIS? Is there more than one
WCF service being hosted?

I know that machine that is hosting IIS7 can host a WCF Web service, tcp/ip,
Named Pipe, etc., etc. WCF service all on the same machine.

What I don't understand is the infrastructure of this solution?





__________ Information from ESET NOD32 Antivirus, version of virus signature database 4044 (20090430) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
Hello,

I'm not sure what the source of the confusion is, but I'll try and
clarify matters further.

> Why is the Web.config not set to wsHTTPBindings? Is this or is this not WCF
> Web Service?
> Is this IIS 7 or not?

The reason why it's not set to wsHttpBinding is because I would rather
go with netTcpBinding for speed. The netTcpBinding already supports
everything I need it for, I'm just missing something simple that I
can't figure out.

> What is hosting WCF is it a Windows service or IIS? Is there more than one
> WCF service being hosted?
> I know that machine that is hosting IIS7 can host a WCF Web service, tcp/ip,
> Named Pipe, etc., etc. WCF service all on the same machine.

As I mentioned above, netTcpBinding cannot be hosted by IIS versions <
7.0 (I'm using 6.0), therefore I'm hosting it in a windows service.

> What I don't understand is the infrastructure of this solution?

Windows service running under a NETWORK SERVICE account hosting a WCF
service using netTcpBinding.

Thanks
 
> Hello,
>
> I'm not sure what the source of the confusion is, but I'll try and
> clarify matters further.
>
>> Why is the Web.config not set to wsHTTPBindings? Is this or is this not WCF
>> Web Service?
>> Is this IIS 7 or not?
>
> The reason why it's not set to wsHttpBinding is because I would rather
> go with netTcpBinding for speed. The netTcpBinding already supports
> everything I need it for, I'm just missing something simple that I
> can't figure out.
>
>> What is hosting WCF is it a Windows service or IIS? Is there more than one
>> WCF service being hosted?
>> I know that machine that is hosting IIS7 can host a WCF Web service, tcp/ip,
>> Named Pipe, etc., etc. WCF service all on the same machine.
>
> As I mentioned above, netTcpBinding cannot be hosted by IIS versions <
> 7.0 (I'm using 6.0), therefore I'm hosting it in a windows service.
>
>> What I don't understand is the infrastructure of this solution?
>
> Windows service running under a NETWORK SERVICE account hosting a WCF
> service using netTcpBinding.

So IIS is nowhere to be found in this solution, WCF is being hosted by a
Windows service and the client is in contact with the WCF service hosted by
a Windows service.

Is this correct?




