Credentials passed from client to WCF do not make it there

Question

Im trying to pass windows credentials into WCF service that requires windows authentication but it seems like my credentials are not making it into the service. My service does not throw any errors but when I check either of the 2 below they are empty. var user = WindowsIdentity.GetCurrent().User; var callerUserName = ServiceSecurityContext.Current.WindowsIdentity.User;

Here is my client side code ServiceReference1.DispatchServiceClient service = new DispatchServiceClient(); service.ClientCredentials.Windows.ClientCredential = ServiceCredentialsManager.GetNetworkCredentials(); service.ClientCredentials.UserName.UserName= ServiceCredentialsManager.GetNetworkCredentials().UserName; service.ClientCredentials.UserName.Password = ServiceCredentialsManager.GetNetworkCredentials().Password;

Client config -

 <basicHttpBinding>
    <binding name="BasicHttpsBinding_IDispatchService">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
  <basicHttpsBinding>
    <binding name="basicHttpsBindingMax" maxBufferSize="999999999"
      maxReceivedMessageSize="999999999">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpsBinding>
</bindings>

Service config -

 <system.serviceModel>
      <bindings>
      <basicHttpBinding>
          <binding name="basicHttpsBinding">
              <security mode="Transport">
                  <transport clientCredentialType="Windows" />
              </security>
          </binding>
      </basicHttpBinding>
  </bindings>
<behaviors>
  <serviceBehaviors>
    <behavior>
      <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<protocolMapping>
  <add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

Answer 1

Please note that in order to use Windows Authentication both service and the client application has to be run in the same Windows domain.

Please also make sure that that in the client the values You assign are not empty. Usually, the password isn't accessible from code when Windows authentication is used.

If the service client is authenticated using Windows Authentication, You probably shouldn't manually pass the credentials to the service. The authentication process should be handled automatically by the WCF and doesn't rely simply on sending the credentials, but for example it can use Kerberos ticket instead.

Please take a look here for some description and code samples for client and service:

• https://msdn.microsoft.com/en-us/library/ms734673%28v=vs.110%29.aspx
• https://msdn.microsoft.com/en-us/library/ms733089%28v=vs.110%29.aspx

Update

After some research I've found several sources suggesting that setting credentials appropriately in the client code may enable WCF to authenticate from outside the domain:

• https://devdump.wordpress.com/2009/04/29/wcf-windows-authentication-and-external-users/
• http://subbusspace.blogspot.com/2009/10/accessing-wshttp-wcf-service-from.html

The code samples suggested in those articles are similar, but slightly different to the one You've posted in the question. I haven't tested those methods and they may not work in all scenarios.