user5466334
Reputation:
WCF Service with Basic Auth over HTTP
I'm developing a WCF Service Application with
- Server hosting the app is in domain
- Authorize client using basic authentication
- mapping username and password to AD user
- HTTP
- IIS only allow Basic Auth
I have found this MSDN article, but this is a sample for HTTPS.
Huge mount tries on web.config has been made, but I cannot figure out how to config.
Any help will be appreciated :)
Thanks
Upvotes: 2
Views: 2239
Answers (1)
Mumin Asaad
Reputation: 180
you can change the binding to be basic binding instead of wsBining
<basicHttpBinding>
<binding name="BasicBinding" receiveTimeout="00:01:00"
sendTimeout="00:01:00">
<security mode="None">
<transport clientCredentialType="Basic"/>
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
an other option you can add a custom user validation method (Class) to your application and create your authentication inside of it
<serviceBehaviors>
<behavior name="ServiceBehaviour">
<useRequestHeadersForMetadataAddress />
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication customCertificateValidatorType="WCFServices.clsCertificateValidator, App_Code/WCFServices" certificateValidationMode="Custom" revocationMode="NoCheck" />
</clientCertificate>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WCFServices.clsUserValidator, App_Code/WCFServices" />
<peer>
<peerAuthentication customCertificateValidatorType="WCFServices.clsCertificateValidator, App_Code/WCFServices" certificateValidationMode="Custom" revocationMode="NoCheck" />
<messageSenderAuthentication customCertificateValidatorType="WCFServices.clsCertificateValidator, App_Code/WCFServices" certificateValidationMode="Custom" revocationMode="NoCheck" />
</peer>
<issuedTokenAuthentication audienceUriMode="Never" customCertificateValidatorType="WCFServices.clsCertificateValidator, App_Code/WCFServices" certificateValidationMode="Custom" revocationMode="NoCheck" allowUntrustedRsaIssuers="true" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
And in this class if you need to stop the user throw exception.
Upvotes: 1
Related Questions
- Custom WCF credential validator with basicHttpBinding, Transport security, and Basic client credential type
- WCF in IIS, http basic authentication - Windows User "security" implications
- Get username in WCF service using basic auth with IIS
- Adding basic HTTP auth to a WCF REST service
- Basic Authentication with WCF REST service to something other than windows accounts?
- IIS hosted WCF-service + Windows auth in IIS + TransportCredentialOnly/Windows auth in basicHttpBinding
- WCF + Basic Auth - Won't stop using Anonymous Auth