Monday 30 May 2011

WCF Authentication

WCF is a distributed technology: you build a WCF service to expose functionality to a client, which could be on an intranet or on the Internet. It is almost always mandatory for the service to know its client (authenticate it) before accepting a message from the client or sending a message to it.
WCF provides various ways to accept a credential from the client and authenticate it. The following table shows the possible credential types that you can use when creating an application. You can use these values in either code or configuration files.

| Setting | Description |
|---|---|
| None | Specifies that the client does not need to present a credential. This translates to an anonymous client. |
| Windows | Allows SOAP message exchanges to occur under the security context established with a Windows credential. |
| Username | Allows the service to require that the client be authenticated with a user name credential. Note that WCF does not allow any cryptographic operations with user names, such as generating a signature or encrypting data. WCF ensures that the transport is secured when using user name credentials. |
| Certificate | Allows the service to require that the client be authenticated using an X.509 certificate. |
| Issued Token | A custom token type configured according to a security policy. The default token type is Security Assertions Markup Language (SAML). The token is issued by a secure token service. For more information, see Federation and Issued Tokens. |

In this article, I will cover authentication using a user name (how to authenticate a client using a user name and password).

Configure a service to authenticate with a user name and password

Authenticating the client with a user name and password can be configured either in code or in a configuration file.

Using Code

  1. Create an instance of the WSHttpBinding class.
  2. Set the Mode property of the WSHttpSecurity class to Message. The WSHttpSecurity object is accessible through the Security property of the WSHttpBinding class.
  3. Set the ClientCredentialType property of the MessageSecurityOverHttp class to UserName. The MessageSecurityOverHttp is accessed through the Message property of the WSHttpSecurity class, as shown in the following code.
    // Requires: using System.ServiceModel;
    WSHttpBinding myBinding = new WSHttpBinding();
    myBinding.Security.Mode = SecurityMode.Message;
    myBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

Using Configuration file

  1. Add a wsHttpBinding Element to the <bindings> section of the Web.config file.
  2. Add a binding element to the wsHttpBinding element and set the configurationName attribute to a value appropriate to your needs.
  3. Add a <security> for <wsHttpBinding> element to the binding and set the mode attribute to "Message".
  4. Add a <message> for <security> for <wsHttpBinding> to the security binding, and set the clientCredentialType attribute to "UserName", as shown in the following code:
      <system.serviceModel>
        <bindings>
          <wsHttpBinding>
            <binding name="Binding1">
              <security mode="Message">
                <message clientCredentialType="UserName"/>
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>
      </system.serviceModel>

  • Create a service that uses the new binding, as shown in the following code.

      <services>
        <service name="Microsoft.ServiceModel.Samples.CalculatorService"
                 behaviorConfiguration="CalculatorServiceBehavior">
          <!-- Use the base address provided by the host. -->
          <endpoint address=""
                    binding="wsHttpBinding"
                    bindingConfiguration="Binding1"
                    contract="Microsoft.ServiceModel.Samples.ICalculator" />
        </service>
      </services>

Client code to send the user name and password to the service

    1. Create an instance of the client class as shown in the following code.
        CalculatorClient client = new CalculatorClient("default");
    2. Set the Password property of the UserNamePasswordClientCredential class to the password. The class is accessible from the client object, as shown in the following code.
        client.ClientCredentials.UserName.Password = "Your Password";
    3. Set the UserName property to the user’s user name.
        client.ClientCredentials.UserName.UserName = "Your User Name";
    4. Call the methods of the service.
        double value1 = client.Add(100, 15.99);

    1 comment:

    1. Good stuff.. quite useful ..
      Happy coding