Hi,
I have an ASP.NET application which retrieves/posts data via a WCF service. I also need to implement some kind of UserAuthentication for using a few methods (services) in WCF.svc.cs. For this

Client web.config:

XML
<binding name="WSHttpBinding_IBlackboardServices" closeTimeout="00:01:00"
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
     bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
     maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
     textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
     <reliableSession ordered="true" inactivityTimeout="00:10:00"
      enabled="false" />
     <security mode="Message">
       <transport clientCredentialType="Basic" proxyCredentialType="Basic"
        realm=""/>


      <message clientCredentialType="UserName" establishSecurityContext="false" algorithmSuite="TripleDes"/>
     </security>
    </binding>


The WCF Web.config is:

XML
<service behaviorConfiguration="FrontendServices.BlackboardServicesBehavior"
    name="FrontendServices.BlackboardServices">
    <endpoint address="" binding="wsHttpBinding" contract="FrontendServices.IBlackboardServices">
     <identity>
      <dns value="localhost" />
     </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
   </service>



In BlackboardServices.svc.cs the method is:
C#
[PrincipalPermission(SecurityAction.Demand, Role = "somerole")]
        public string DoWork()
        {
            return "work done";
        }



But I am getting the following error when I call the method:

The token provider cannot get tokens for target 'http://wolf/InsourcesServices/BlackboardServices.svc'.

1 solution

As you haven't provided what type of authentication you want... You can use the following example.

First you will need an Active Directory User and Group, and then assign that User to that Group.

After that just change your code as follows...

-------------------

nahid477 wrote:
In BlackboardServices.svc.cs Method is :

[PrincipalPermission(SecurityAction.Demand, Role = "somerole")]
public string DoWork()
{
return "work done";
}




Instead of this use

C#
[PrincipalPermission(SecurityAction.Demand, Role = "'your active directory domain'\\active directory group that you just created")]
        public string DoWork()
        {
            return "work done";
        }



This will check whether the calling user is a member of this Active Directory group or not (so you will get both authentication and authorization here).

---------------

nahid477 wrote:
the WCF Web.config is :

<service behaviorConfiguration="FrontendServices.BlackboardServicesBehavior"
    name="FrontendServices.BlackboardServices">
    <endpoint address="" binding="wsHttpBinding" contract="FrontendServices.IBlackboardServices">
     <identity>
      <dns value="localhost" />
     </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
   </service>


Now here, in the <identity> section, use

XML
<servicePrincipalName value="HOST/your web server name"/>


This will be used by IIS to authenticate the user against Active Directory. (It has to be a server; you cannot do this from your local computer without setting an SPN (use the 'setspn' command) on your local machine.)

-----------

nahid477 wrote:
Client web.config:

<binding name="WSHttpBinding_IBlackboardServices" closeTimeout="00:01:00"
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
     bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
     maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
     textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
     <reliableSession ordered="true" inactivityTimeout="00:10:00"
      enabled="false" />
     <security mode="Message">
       <transport clientCredentialType="Basic" proxyCredentialType="Basic"
        realm=""/>
      <message clientCredentialType="UserName" establishSecurityContext="false" algorithmSuite="TripleDes"/>
     </security>
    </binding>



Here you need to configure your Windows authentication...

XML
<security mode="Message">
  <transport realm="" />
  <message clientCredentialType="Windows" negotiateServiceCredential="true"
    algorithmSuite="Default" establishSecurityContext="true" />
</security>




------------

And at last, before calling your web service, you need to pass the credentials of the user that you created in the first step.

i.e.


C#
YourwcfClient.ClientCredentials.Windows.ClientCredential.Domain = "your active directory domain";
YourwcfClient.ClientCredentials.Windows.ClientCredential.UserName = "that user name you have created in step 1";
YourwcfClient.ClientCredentials.Windows.ClientCredential.Password = "valid password for that user";


// now call your method here
// i.e. YourwcfClient.DoWork();


Now only users who are in that Active Directory group can call this web service.

Huh... I hope this will help... :)
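
The steps in the answer above, put together on the client side in code rather than web.config, as an added example that is not part of the original answer: it builds the Windows message-security binding, pins the service identity to an SPN, and separates an authorization failure (caller not in the group) from other call failures. Assumptions: the inline contract stands in for the generated proxy interface, the SPN host `wolf` is taken from the URL in the question's error message, and the `BB_SVC_*` environment variable names are hypothetical.

```csharp
using System;
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Security;

// Assumed contract shape; in a real project use the generated proxy's interface.
[ServiceContract]
public interface IBlackboardServices { [OperationContract] string DoWork(); }

public static class BlackboardClientDemo
{
    public static void Main()
    {
        // Mirrors <security mode="Message"> with <message clientCredentialType="Windows" .../>.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        binding.Security.Message.NegotiateServiceCredential = true;
        binding.Security.Message.EstablishSecurityContext = true;

        // Client-side counterpart of <servicePrincipalName value="HOST/..."/> (host name assumed).
        var address = new EndpointAddress(
            new Uri("http://wolf/InsourcesServices/BlackboardServices.svc"),
            EndpointIdentity.CreateSpnIdentity("HOST/wolf"));
        var factory = new ChannelFactory<IBlackboardServices>(binding, address);
        // Hypothetical variable names: keeps the password out of source code and web.config.
        factory.Credentials.Windows.ClientCredential = new NetworkCredential(
            Environment.GetEnvironmentVariable("BB_SVC_USER"),
            Environment.GetEnvironmentVariable("BB_SVC_PASSWORD"),
            Environment.GetEnvironmentVariable("BB_SVC_DOMAIN"));

        IBlackboardServices proxy = factory.CreateChannel();
        try
        {
            Console.WriteLine(proxy.DoWork());
            factory.Close(); // also closes channels created by this factory
        }
        catch (SecurityAccessDeniedException)
        {
            // The caller authenticated, but the PrincipalPermission demand on DoWork failed.
            Console.Error.WriteLine("Access denied: caller is not in the required group.");
            factory.Abort();
        }
        catch (CommunicationException ex)
        {
            // Covers authentication and negotiation failures such as an SPN mismatch.
            Console.Error.WriteLine("Call failed: " + ex.Message);
            factory.Abort();
        }
    }
}
```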