How to setup WCF service that is using an alternate Windows creden

Discussion in 'ASP .Net Web Services' started by Siyad, Feb 10, 2009.

  1. Siyad

    Siyad Guest

    Hi,

    I am really confused and couldn't find any resource to resolve my confusion.
    I am not sure whether this is an appropriate place to ask a WCF query. Since I
    found this WCF-related query here, I assume this may be a proper place. OK,
    now let me move to the query.

    I have a WCF service which will authenticate the clients accessing it using
    a valid username/password from Active Directory or the local machine. I am
    hosting my service in IIS and I have disabled the 'anonymous access' option
    too; instead I turned on the Integrated Windows Authentication option. Now
    when I try to access the SVC file of the service through a browser, it asks
    me for a Windows user ID / password. But in the same way, if I try to invoke
    a service method from the client application, it fails and throws an
    exception. I am setting the client proxy's client credential appropriately,
    just like the one below:


    ServiceClient client = new ServiceClient();
    client.ClientCredentials.Windows.ClientCredential =
        new System.Net.NetworkCredential("Others", "password");
    MessageBox.Show(client.GetData(1234));
    client.Close();


    Here is my Web.config file portion

    <system.serviceModel>
      <bindings>
        <wsHttpBinding>
          <binding name="wsHttpBindingConfig">
            <security>
              <message negotiateServiceCredential="false"/>
            </security>
          </binding>
        </wsHttpBinding>
      </bindings>
      <services>
        <service name="Service" behaviorConfiguration="ServiceBehavior">
          <!-- Service Endpoints -->
          <endpoint address="" binding="wsHttpBinding" contract="IService"
                    bindingConfiguration="wsHttpBindingConfig">
            <!--
              Upon deployment, the following identity element should be
              removed or replaced to reflect the identity under which the
              deployed service runs. If removed, WCF will infer an
              appropriate identity automatically.
            -->
            <identity>
              <servicePrincipalName value="localhost/ASTRIX"/>
            </identity>
          </endpoint>
          <endpoint address="mex" binding="mexHttpBinding"
                    contract="IMetadataExchange"/>
        </service>
      </services>
      <behaviors>
        <serviceBehaviors>
          <behavior name="ServiceBehavior">
            <!-- To avoid disclosing metadata information, set the value below
                 to false and remove the metadata endpoint above before
                 deployment -->
            <serviceMetadata httpGetEnabled="true"/>
            <!-- To receive exception details in faults for debugging purposes,
                 set the value below to true. Set to false before deployment to
                 avoid disclosing exception information -->
            <serviceDebug includeExceptionDetailInFaults="false"/>
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>

    Here is the client-side app.config

    <system.serviceModel>
      <bindings>
        <wsHttpBinding>
          <binding name="WSHttpBinding_IService" closeTimeout="00:01:00"
                   openTimeout="00:01:00" receiveTimeout="00:10:00"
                   sendTimeout="00:01:00"
                   bypassProxyOnLocal="false" transactionFlow="false"
                   hostNameComparisonMode="StrongWildcard"
                   maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                   messageEncoding="Text" textEncoding="utf-8"
                   useDefaultWebProxy="true"
                   allowCookies="false">
            <readerQuotas maxDepth="32"
                          maxStringContentLength="8192" maxArrayLength="16384"
                          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
            <reliableSession ordered="true"
                             inactivityTimeout="00:10:00"
                             enabled="false" />
            <security mode="Message">
              <transport clientCredentialType="Windows"
                         proxyCredentialType="None"
                         realm="" />
              <message clientCredentialType="Windows"
                       negotiateServiceCredential="true"
                       algorithmSuite="Default"
                       establishSecurityContext="true" />
            </security>
          </binding>
        </wsHttpBinding>
      </bindings>
      <client>
        <endpoint address="http://astrix/WinAuthDemoWCFService/Service.svc"
                  binding="wsHttpBinding"
                  bindingConfiguration="WSHttpBinding_IService"
                  contract="ServiceReference1.IService"
                  name="WSHttpBinding_IService">
          <identity>
            <userPrincipalName value="localhost/ASTRIX" />
          </identity>
        </endpoint>
      </client>
    </system.serviceModel>

    When I try to access the service method from the client, I get the following
    exception:

    SecurityMessageException-{"The HTTP request is unauthorized with client
    authentication scheme 'Anonymous'. The authentication header received from
    the server was 'Negotiate,NTLM'."}
    InnerException - (WebException) - {"The remote server returned an error:
    (401) Unauthorized."}.


    Is there anything extra I have to set up? What is the role of SPN and UPN
    in this scenario?

    Thanks in Adv,
    Siyad
    Siyad, Feb 10, 2009
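
A consistency check over the two configuration files in the post, added here as an example (not the original poster's code): it resolves the effective wsHttpBinding security settings and endpoint identity on each side and reports where service and client disagree. The config strings are trimmed copies constructed from the post, `summarize` and `compare` are hypothetical helper names, and the fallbacks used (`mode="Message"`, `negotiateServiceCredential="true"`) are the wsHttpBinding defaults.

```python
import xml.etree.ElementTree as ET
# Constructed, trimmed copies of the post's configs (same attribute values).
SERVICE_CONFIG = """<system.serviceModel>
  <bindings><wsHttpBinding><binding name="wsHttpBindingConfig">
    <security><message negotiateServiceCredential="false"/></security>
  </binding></wsHttpBinding></bindings>
  <services><service name="Service">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpBindingConfig">
      <identity><servicePrincipalName value="localhost/ASTRIX"/></identity>
    </endpoint></service></services>
</system.serviceModel>"""

CLIENT_CONFIG = """<system.serviceModel>
  <bindings><wsHttpBinding><binding name="WSHttpBinding_IService">
    <security mode="Message">
      <message clientCredentialType="Windows" negotiateServiceCredential="true"/>
    </security>
  </binding></wsHttpBinding></bindings>
  <client>
    <endpoint address="http://astrix/WinAuthDemoWCFService/Service.svc"
              binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService">
      <identity><userPrincipalName value="localhost/ASTRIX"/></identity>
    </endpoint></client>
</system.serviceModel>"""

def summarize(xml_text):
    """Effective security settings of the first wsHttpBinding endpoint."""
    root = ET.fromstring(xml_text)
    ep = next(e for e in root.iter("endpoint") if e.get("binding") == "wsHttpBinding")
    binding = next(b for b in root.iter("binding")
                   if b.get("name") == ep.get("bindingConfiguration"))
    sec = binding.find("security")
    msg = None if sec is None else sec.find("message")
    ident = ep.find("identity")
    return {
        "mode": "Message" if sec is None else sec.get("mode", "Message"),
        "negotiate": "true" if msg is None else msg.get("negotiateServiceCredential", "true"),
        "identity": ident[0].tag if ident is not None and len(ident) else None,
        "address": ep.get("address", ""),
    }

def compare(service_xml, client_xml):
    svc, cli = summarize(service_xml), summarize(client_xml)
    findings = [f"{k}: service={svc[k]} client={cli[k]}"
                for k in ("mode", "negotiate", "identity") if svc[k] != cli[k]]
    if cli["mode"] == "Message" and cli["address"].startswith("http://"):
        findings.append("Message mode over http: no HTTP-level credential is sent")
    return findings
```

With Message mode the Windows credential travels inside the SOAP message, so the HTTP request itself is unauthenticated; that is the 'Anonymous' client scheme named in the posted exception, while IIS with anonymous access disabled answers 401 with 'Negotiate,NTLM'.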