How to setup WCF service that is using an alternate Windows creden


Siyad

Hi,

I am really confused and couldn't find any resource to solve my confusion.
I am not sure whether this is an appropriate place to ask a WCF query. Since I
found this WCF-related query here, I assume this may be a proper place. OK,
now let me move to the query.

I have a WCF service which will authenticate the clients accessing it using
a valid username/password from Active Directory or the local machine. I am
hosting my service in IIS, and I have disabled the 'anonymous access' option;
instead I turned on the Integrated Windows Authentication option. Now when I try
to access the SVC file of the service through the browser, it asks me for a Windows
user ID / password. But if I try to invoke a service method from the
client application in the same way, it fails and throws an exception. I am setting the
client proxy's client credential appropriately, just like the one below:


ServiceClient client = new ServiceClient();
client.ClientCredentials.Windows.ClientCredential =
    new System.Net.NetworkCredential("Others", "password");
MessageBox.Show(client.GetData(1234));
client.Close();


Here is my Web.config file portion

<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttpBindingConfig">
        <security>
          <message negotiateServiceCredential="false"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <service name="Service" behaviorConfiguration="ServiceBehavior">
      <!-- Service Endpoints -->
      <endpoint address="" binding="wsHttpBinding" contract="IService"
                bindingConfiguration="wsHttpBindingConfig">
        <!--
          Upon deployment, the following identity element should be
          removed or replaced to reflect the identity under which the
          deployed service runs. If removed, WCF will infer an
          appropriate identity automatically.
        -->
        <identity>
          <servicePrincipalName value="localhost/ASTRIX"/>
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding"
                contract="IMetadataExchange"/>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceBehavior">
        <!-- To avoid disclosing metadata information, set the value below to
             false and remove the metadata endpoint above before deployment -->
        <serviceMetadata httpGetEnabled="true"/>
        <!-- To receive exception details in faults for debugging purposes, set
             the value below to true. Set to false before deployment to avoid
             disclosing exception information -->
        <serviceDebug includeExceptionDetailInFaults="false"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>

Here is client side app.config

<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_IService" closeTimeout="00:01:00"
               openTimeout="00:01:00" receiveTimeout="00:10:00"
               sendTimeout="00:01:00"
               bypassProxyOnLocal="false" transactionFlow="false"
               hostNameComparisonMode="StrongWildcard"
               maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
               messageEncoding="Text" textEncoding="utf-8"
               useDefaultWebProxy="true"
               allowCookies="false">
        <readerQuotas maxDepth="32"
                      maxStringContentLength="8192" maxArrayLength="16384"
                      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <reliableSession ordered="true"
                         inactivityTimeout="00:10:00"
                         enabled="false" />
        <security mode="Message">
          <transport clientCredentialType="Windows"
                     proxyCredentialType="None"
                     realm="" />
          <message clientCredentialType="Windows"
                   negotiateServiceCredential="true"
                   algorithmSuite="Default"
                   establishSecurityContext="true" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint
        address="http://astrix/WinAuthDemoWCFService/Service.svc"
        binding="wsHttpBinding"
        bindingConfiguration="WSHttpBinding_IService"
        contract="ServiceReference1.IService"
        name="WSHttpBinding_IService">
      <identity>
        <userPrincipalName value="localhost/ASTRIX" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>

When I try to access the service method from the client, I get the following
exception:

SecurityMessageException-{"The HTTP request is unauthorized with client
authentication scheme 'Anonymous'. The authentication header received from
the server was 'Negotiate,NTLM'."}
InnerException - (WebException) - {"The remote server returned an error:
(401) Unauthorized."}.


Is there anything extra I have to set up? What is the role of SPN and UPN
in this scenario?

Thanks in Adv,
Siyad
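
The two config fragments in the post can be compared mechanically. The following is an added example, not part of the original post: it parses constructed, trimmed copies of both configs and lists the message-security attributes and endpoint identity settings that are set on both sides but disagree. `endpoint_view` and `compare` are hypothetical helper names, and the check reports differences only; it does not diagnose the 401.

```python
import xml.etree.ElementTree as ET

# Constructed: the two configs from the post, trimmed to binding security and endpoint identity.
SERVICE_CONFIG = """<system.serviceModel>
  <bindings><wsHttpBinding><binding name="wsHttpBindingConfig">
    <security><message negotiateServiceCredential="false"/></security>
  </binding></wsHttpBinding></bindings>
  <services><service name="Service">
    <endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpBindingConfig">
      <identity><servicePrincipalName value="localhost/ASTRIX"/></identity>
    </endpoint>
  </service></services>
</system.serviceModel>"""

CLIENT_CONFIG = """<system.serviceModel>
  <bindings><wsHttpBinding><binding name="WSHttpBinding_IService">
    <security mode="Message">
      <message clientCredentialType="Windows" negotiateServiceCredential="true"/>
    </security>
  </binding></wsHttpBinding></bindings>
  <client>
    <endpoint binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService">
      <identity><userPrincipalName value="localhost/ASTRIX"/></identity>
    </endpoint>
  </client>
</system.serviceModel>"""

def endpoint_view(xml_text):
    """Return (message-security attributes, identity element name, identity value)."""
    root = ET.fromstring(xml_text)
    # First endpoint that names a binding configuration (skips e.g. a bare mex endpoint).
    ep = next(e for e in root.iter("endpoint") if e.get("bindingConfiguration"))
    binding = next(b for b in root.iter("binding")
                   if b.get("name") == ep.get("bindingConfiguration"))
    msg = binding.find("security/message")
    ident = ep.find("identity/*")
    kind, value = (ident.tag, ident.get("value")) if ident is not None else (None, None)
    return (dict(msg.attrib) if msg is not None else {}), kind, value

def compare(service_xml, client_xml):
    """List settings explicitly set on both sides that disagree (hypothetical helper)."""
    s_msg, s_kind, _ = endpoint_view(service_xml)
    c_msg, c_kind, c_val = endpoint_view(client_xml)
    findings = [f"message/@{k}: service={s_msg[k]} client={c_msg[k]}"
                for k in sorted(s_msg.keys() & c_msg.keys()) if s_msg[k] != c_msg[k]]
    if s_kind != c_kind:
        findings.append(f"identity: service={s_kind} client={c_kind}")
    if c_kind == "userPrincipalName" and "@" not in (c_val or ""):
        findings.append(f"userPrincipalName value {c_val!r} is not in user@domain form")
    return findings
```

Only attributes written out in both files are compared, so settings left at their defaults on one side are not reported.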
 
