Reputation: 155
WCF service with Windows Authentication accessed from desktop and web
I have a a ASP.NET web site and a WinForms app connecting to the same WCF service.
The binding on the WCF service's web.config, WinForm app's app.config, and website web.config looks like:
<ws2007HttpBinding>
<binding name="LBinding" messageEncoding="Mtom">
<security mode="Message">
<transport clientCredentialType="Windows" />
<message clientCredentialType="Windows" />
</security>
</binding>
</ws2007HttpBinding>
In both the desktop app the web site, I am calling the DoSomething() function hosted on the service:
LClient client = new LClient();
client.ChannelFactory.Credentials.Windows.ClientCredential.UserName = usernameTextBox.Text
client.ChannelFactory.Credentials.Windows.ClientCredential.Password = passwordTextBox.Text
client.DoSomething()
The username/password are the Windows domain credentials. The username is in the form: domain\username
In both the desktop app and the web site, the windows authentication works perfectly when the user enters in the correct username/password combination.
However, on the web site, when the user enters in a valid username, and incorrect password, and clicks on the submit button to validate their credentials, the DoSomething method seems to "hang"; actually, it never even makes it to DoSomething() on the server. I have waited a few minutes, and the browser does not seem to be returning from the DoSomething() call.
On the other hand, in the desktop app, when the user enters in a valid username and incorrect password, the default windows security dialog appears. Here, if the user enters in the right credentials, DoSomething() is called successfully, if they enter in the wrong password, the same default windows security dialog shows up again, asking the user to reenter their credentials.
My questions are:
- why does calling DoSomething() seem to hang on the web site, but not on the desktop app.
- Perhaps, it has something to do with the desktop app showing the default windows security dialog. Is there a way to turn this off?
- Apparently, in IE, if you go to Internet Options -> Custom Level > User Authentication and choose the "prompt for user name and password" radio box, the default windows security dialog shows up, asking the user to reenter their credentials. I don't like this solution as it requires the user to modify their IE settings
Upvotes: 2
Views: 1485
Answers (2)
Reputation: 147
serviceClient.ClientCredentials.SupportInteractive = false;
Upvotes: 2
Reputation: 155
Update:
The desktop app is ran on a computer that is not on the network, and the browser that accesses the web app is also not on the network.
On the login form for both apps, the user enters in the username(domain\username) and password. When the user enters it correctly, DoSomething() runs fine.
The app.config seems correct in the desktop app, as when the user enters in the wrong password, DoSomething() doesn't hang. The same binding is used in the web.config of the website, but strangely hangs when a incorrect password is specified.
Also, when the user enters in the wrong domain in the username, DoSomething returns immediately specifying that the credentials are invalid(which is expected). The problem only seems to happen on the website, when the user enters in the correct domain, but incorrect password.
Upvotes: 0
Related Questions
- WCF and Authentication
- Web Service with Windows Authentication with Soap Client
- ASP.NET with WCF Windows Authentication
- ASP.NET authentication from a Windows Forms application
- How can I do Windows Authentication with WCF over http?
- WCF and Windows authentication
- How to add Windows Authentication to a WCF application
- WCF Service, Windows Authentication
- Windows Authentication using WCF and Self Hosting
- Authenticating ASP.NET web app with WCF service