Introduction and goal
In this session, we will go through eight basic steps by which we can enable Windows authentication security on BasicHttpBinding. There are two types of security you can define in WCF: transport level and message level. In this article, we will discuss how we can define transport level security on BasicHttpBinding.
Step 1: Create a WCF project
Create a WCF service application project as shown in the below figure:
By default, the WCF project creates a class file which has the GetData function. This function takes in a number value and displays an explanatory sentence like ‘You entered 1 value’ when you enter ‘1’.
public class Service1 : IService1
{
    public string GetData(int value)
    {
        return string.Format("You entered: {0}", value);
    }
}
Step 2: Ensure authentication mode is Windows
When we create a WCF service application, it also has a web.config file associated with it. So open the web.config file and ensure that the authentication mode is Windows.
<authentication mode="Windows" />
Step 3: Define the binding in the web.config file
The third step is to define the bindings and the transport type. To define the bindings, we need to enter the basicHttpBinding element inside the bindings XML tag. We also need to define the clientCredentialType as Windows.
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="BasicHttpEndpointBinding">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
  .........
  .........
</system.serviceModel>
Step 4: Bind the bindings with service interface
Now the binding we defined needs to be associated with a service interface, i.e., Service1. So we need to modify the services element as shown below. Note that we have defined an endpoint which has the binding association.
<system.serviceModel>
  ........
  ........
  ........
  <services>
    <service behaviorConfiguration="WCFWindowsBasicHttpBinding.Service1Behavior"
             name="WCFWindowsBasicHttpBinding.Service1">
      <endpoint address="" binding="basicHttpBinding"
                bindingConfiguration="BasicHttpEndpointBinding"
                name="BasicHttpEndpoint" contract="WCFWindowsBasicHttpBinding.IService1">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
    </service>
  </services>
  .........
  .........
  .........
  .........
</system.serviceModel>
Overall, your <system.serviceModel> XML part as a whole, with bindings and services, is as shown below:
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="BasicHttpEndpointBinding">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="WCFWindowsBasicHttpBinding.Service1Behavior"
             name="WCFWindowsBasicHttpBinding.Service1">
      <endpoint address="" binding="basicHttpBinding"
                bindingConfiguration="BasicHttpEndpointBinding"
                name="BasicHttpEndpoint" contract="WCFWindowsBasicHttpBinding.IService1">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="WCFWindowsBasicHttpBinding.Service1Behavior">
        <serviceMetadata httpGetEnabled="true"/>
        <serviceDebug includeExceptionDetailInFaults="false"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
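The TransportCredentialOnly mode used above authenticates the caller over HTTP but does not encrypt or integrity-protect the messages, so it is suited to a trusted network only. The following is an added example, not part of the original article, showing the same service with Windows authentication moved onto HTTPS; the binding name BasicHttpsEndpointBinding is an assumption, and the IIS site is assumed to already have an HTTPS binding with a server certificate.

```xml
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- As in the article: Windows credentials are checked, but the SOAP
           traffic travels over plain HTTP, unencrypted and unsigned. -->
      <binding name="BasicHttpEndpointBinding">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
      <!-- Added variant (hypothetical name): the same Windows client
           authentication, but mode="Transport" requires HTTPS, so the
           channel also provides confidentiality and integrity. -->
      <binding name="BasicHttpsEndpointBinding">
        <security mode="Transport">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="WCFWindowsBasicHttpBinding.Service1Behavior"
             name="WCFWindowsBasicHttpBinding.Service1">
      <!-- The endpoint now points at the HTTPS binding configuration. -->
      <endpoint address="" binding="basicHttpBinding"
                bindingConfiguration="BasicHttpsEndpointBinding"
                name="BasicHttpEndpoint" contract="WCFWindowsBasicHttpBinding.IService1">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="WCFWindowsBasicHttpBinding.Service1Behavior">
        <!-- Publish the WSDL over HTTPS only. -->
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```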
Step 5: Ensure that anonymous access is disabled
Go to IIS properties and click on the Security tab and ensure that anonymous access is disabled and only Windows authentication is enabled.
Step 6: Host your WCF service on IIS
We need to host our service in IIS. Make the directory an IIS application so that your service can be hosted. Now if you try to browse the service, i.e., the SVC file, you will see that it pops up the authentication dialog box. So this service cannot be executed without Windows authentication.
Step 7: Consume the WCF service
Let’s consume the WCF service. Add an ASP.NET web application and add a web reference. A dialog box will pop up as shown below. Click on Add Reference so that a proxy is generated for the WCF service.
Step 8: Create the WCF client
Type in the following code snippet in your page load. Add the namespace reference and call the method GetData. The most important step to note is the credential supplied. DefaultCredentials passes the current Windows identity to the WCF service.
If you execute the service, you should get the following display as shown below:
You can try commenting out the below code in your client; in other words, we are not passing any credentials.
obj.Credentials = System.Net.CredentialCache.DefaultCredentials;
Now if you execute, you should get the below error stating that this is an unauthorized call.