As you haven't said what type of authentication you want, you can use the following example.
First you will need an Active Directory User and Group, and then assign that User to that Group.
After that, just change your code as follows...
-------------------
nahid477 wrote:
In BlackboardServices.svc.cs the method is:
    [PrincipalPermission(SecurityAction.Demand, Role = "somerole")]
    public string DoWork()
    {
        return "work done";
    }
Instead of this, use:
    [PrincipalPermission(SecurityAction.Demand, Role = "'your active directory domain'\\active directory group that you just created")]
    public string DoWork()
    {
        return "work done";
    }
This will check whether the calling user is a member of this Active Directory group or not (so you will get both authentication and authorization here).
---------------
nahid477 wrote:
The WCF Web.config is:
    <service behaviorConfiguration="FrontendServices.BlackboardServicesBehavior"
        name="FrontendServices.BlackboardServices">
      <endpoint address="" binding="wsHttpBinding" contract="FrontendServices.IBlackboardServices">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
Now here, in the <identity> section, use:
    <servicePrincipalName value="HOST/your web server name"/>
This will be used by IIS to authenticate the user against Active Directory. (It has to be a server; you cannot do this from your local computer without setting an SPN (use the 'setspn' command) on your local machine.)
-----------
nahid477 wrote:
Client web.config:
    <binding name="WSHttpBinding_IBlackboardServices" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
        maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
        textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <reliableSession ordered="true" inactivityTimeout="00:10:00"
          enabled="false" />
      <security mode="Message">
        <transport clientCredentialType="Basic" proxyCredentialType="Basic"
            realm="" />
        <message clientCredentialType="UserName" establishSecurityContext="false" algorithmSuite="TripleDes" />
      </security>
    </binding>
Here you need to configure your Windows authentication...
    <security mode="Message">
      <transport realm="" />
      <message clientCredentialType="Windows" negotiateServiceCredential="true"
          algorithmSuite="Default" establishSecurityContext="true" />
    </security>
------------
And lastly, before calling your web service, you need to pass the credentials of the user that you created in the first step, i.e.:
    YourwcfClient.ClientCredentials.Windows.ClientCredential.Domain = "your active directory domain";
    YourwcfClient.ClientCredentials.Windows.ClientCredential.UserName = "that user name you have created in step 1";
    YourwcfClient.ClientCredentials.Windows.ClientCredential.Password = "valid password for that user";
    // now call your method here
    // i.e. YourwcfClient.DoWork();
Now only users who are in that Active Directory group can call this web service.
Huh... I hope this will help... :)
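
The setup described in the answer above, as an added example that is not part of the original post: a self-hosted service with the same group demand, and a client that tells an authorization failure (authenticated, but not in the group) apart from an authentication or negotiation failure. Assumptions: .NET Framework with a reference to System.ServiceModel, the placeholder group `CONTOSO\BlackboardCallers`, and the local test address `http://localhost:8733/BlackboardServices` (an HTTP listener needs administrator rights or a URL reservation).

```csharp
using System;
using System.Security.Permissions;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IBlackboardServices
{
    [OperationContract]
    string DoWork();
}

public class BlackboardServices : IBlackboardServices
{
    // Placeholder group: replace CONTOSO\BlackboardCallers with your own domain\group.
    [PrincipalPermission(SecurityAction.Demand, Role = @"CONTOSO\BlackboardCallers")]
    public string DoWork() { return "work done"; }
}

public static class Program
{
    public static void Main()
    {
        var address = new Uri("http://localhost:8733/BlackboardServices"); // assumed test address
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

        using (var host = new ServiceHost(typeof(BlackboardServices), address))
        {
            host.AddServiceEndpoint(typeof(IBlackboardServices), binding, "");
            host.Open();
            // No explicit credential is set here, so the channel uses the current Windows logon.
            var factory = new ChannelFactory<IBlackboardServices>(binding, new EndpointAddress(address));
            var channel = (IClientChannel)factory.CreateChannel();
            try
            {
                Console.WriteLine(((IBlackboardServices)channel).DoWork());
                channel.Close();
            }
            catch (SecurityAccessDeniedException)
            {   // The caller was authenticated, but the PrincipalPermission demand failed.
                Console.WriteLine("Authorization failed: caller is not in the required group.");
                channel.Abort();
            }
            catch (CommunicationException ex)
            {   // Rejected credentials, failed security negotiation or a transport error.
                Console.WriteLine("Call failed before authorization: " + ex.Message);
                channel.Abort();
            }
        }
    }
}
```

Logging the two cases separately on the client makes it easier to see whether a failed call needs a group membership change or a credential or SPN fix.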