Click here to Skip to main content
15,179,246 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi,
I have a ASP.NET application which retrives/posts data via a WCF service. I also need to impliment some kind of UserAuthentication for using few methods(services) in WCF.svc.cs. For this

Client web.config:

XML
<binding name="WSHttpBinding_IBlackboardServices" closeTimeout="00:01:00"
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
     bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
     maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
     textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
     <reliableSession ordered="true" inactivityTimeout="00:10:00"
      enabled="false" />
     <security mode="Message">
       <transport clientCredentialType="Basic" proxyCredentialType="Basic"
        realm=""/>


      <message clientCredentialType="UserName" establishSecurityContext="false" algorithmSuite="TripleDes"/>
     </security>
    </binding>


the WCF Web.config is :

XML
<service behaviorConfiguration="FrontendServices.BlackboardServicesBehavior"
    name="FrontendServices.BlackboardServices">
    <endpoint address="" binding="wsHttpBinding" contract="FrontendServices.IBlackboardServices">
     <identity>
      <dns value="localhost" />
     </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
   </service>



In BlackboardServices.svc.cs Method is :
C#
[PrincipalPermission(SecurityAction.Demand, Role = "somerole")]
        public string DoWork()
        {
            return "work done";
        }



But I am getting the folling error when I call the method:

The token provider cannot get tokens for target 'http://wolf/InsourcesServices/BlackboardServices.svc'.
Posted

1 solution

As you havent provided what type of authentication do you want... You can use the following example.

First you will need an Active Directory User and Group, and then assign that User to that Group.

After that just change your code as follows...

-------------------

nahid477 wrote:
In BlackboardServices.svc.cs Method is :

[PrincipalPermission(SecurityAction.Demand, Role = "somerole")]
public string DoWork()
{
return "work done";
}




Instead of this use

C#
[PrincipalPermission(SecurityAction.Demand, Role = "'your active directory domain'\\active directory group that you just created")]
        public string DoWork()
        {
            return "work done";
        }



this will check whether the caller user is member of this active directory group or not (so you will get authentication and authorization both here).

---------------

nahid477 wrote:
the WCF Web.config is :

"xml"><removed behaviorconfiguration="FrontendServices.BlackboardServicesBehavior">
name="FrontendServices.BlackboardServices">
<removed address="" binding="wsHttpBinding" contract="FrontendServices.IBlackboardServices">

<removed value="localhost">


<removed address="mex" binding="mexHttpBinding" contract="IMetadataExchange">


now here in the < identity > section, use

XML
<servicePrincipalName value="HOST/your web server name"/>


this will be used by IIS to authenticate the user against active directory. (it has to be a server you cannot do this from your local computer, without setting spn ( use 'setspn' command) on your local machine)

-----------

nahid477 wrote:
Client web.config:

"xml"><removed name="WSHttpBinding_IBlackboardServices" closetimeout="00:01:00">
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<removed maxdepth="32" maxstringcontentlength="8192" maxarraylength="16384">
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<removed ordered="true" inactivitytimeout="00:10:00">
enabled="false" />
<removed mode="Message">
<removed clientcredentialtype="Basic" proxycredentialtype="Basic">
realm=""/>


<removed clientcredentialtype="UserName" establishsecuritycontext="false" algorithmsuite="TripleDes">



here you need to configure your windows authentication...

XML
<security mode="Message">
  <transport realm="" />
  <message clientCredentialType="Windows" negotiateServiceCredential="true"
    algorithmSuite="Default" establishSecurityContext="true" />
</security>




------------

and at last before calling your webservice you need to pass that user credentials that you have created in first step.

i.e.


C#
YourwcfClient.ClientCredentials.Windows.ClientCredential.Domain = "your active directory domain";
YourwcfClient.ClientCredentials.Windows.ClientCredential.UserName = "that user name you have created in step 1";
YourwcfClient.ClientCredentials.Windows.ClientCredential.Password = "valid password for that user";


// now call your method here
// i.e. YourwcfClient.DoWork();


now only users who are in that active directory group can call this web service.

huh... I Hope this will help... :)
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900