Getting current user from a basic WCF service project

Question

I have a basic WCF service project in Visual Studio 2010, which consists of a .svc file, the associated .cs, and Web.config. My problem is that when using the WCF Test Client I can't get a user. OperationContext.Current.ServiceSecurityContext is null, as is HttpContext.Current. I managed to get security set to Transport on the WCF client, but now I'm getting the following error:

The provided URI scheme 'http' is invalid; expected 'https'.

My Web.config is as follows:

  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

</configuration>

My WCF Test Client config is as follows:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="BasicHttpBinding_MyService">
                    <security mode="Transport">
                        <transport clientCredentialType="None" proxyCredentialType="None" realm=""/> 
                <message clientCredentialType="Certificate" algorithmSuite="Default" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint address="http://localhost:57165/MyService.svc" binding="basicHttpBinding"
                bindingConfiguration="BasicHttpBinding_MyService" contract="MyService"
                name="BasicHttpBinding_MyService" />
        </client>
    </system.serviceModel>
</configuration>

I'm totally new to writing new services, so the other posts I've seen that supposedly answer the question say to do things but not where to do them. I'm looking for something clear and concise here.

What am I missing here, or am I going about getting the current user all wrong?

Answer 1

The WCF client throws the "The provided URI scheme 'http' is invalid; expected 'https' " error because the basicHttpBinding specifies security mode="Transport"> but the endpoint address currently indicates a non-secure protocol (endpoint address="http://localhost:57165/MyService.svc". Update the endpoint address to match the binding's security to resolve the communication issue.

Once the transport error is resolved, you can then focus on the proper security binding and the code needed to extract the user information. In order to get the username, your binding will need to specify a client credential type of username. Your service can then access the user information by using System.ServiceModel.ServiceSecurityContext through the OperationContext.

The following links may be useful:
http://www.codemag.com/article/0611051
http://msdn.microsoft.com/en-us/library/ms731058%28v=vs.110%29.aspx
http://msdn.microsoft.com/en-us/library/system.servicemodel.servicesecuritycontext(v=vs.110).aspx

Answer 2

In order to get windows credentials out of your wcf webservice, your binding has to be a wsHttpBinding:

<wsHttpBinding>
            <binding name="wsHttpBinding_MyService">
                <security mode="TransportCredentialOnly" />
            </binding>
</wsHttpBinding>

This is an example of a working security that transports the credentials.