469,275 Members | 1,802 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,275 developers. It's quick & easy.

WCF UserName authentication

HI,

I'm trying to implement username authentication for a WCF service
(hosted in ServiceHost, not IIS) and once service starts it gets to
Faulted state if i specify:

tcpBinding.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;

Here's the piece of code where service is being started (all settings,
e.g. endpoints, behaviors are set in code - there is no app.config in
the project):
//////-------------------------------
urlService = "http://localhost:8000/MyService";

host = new ServiceHost(typeof(ServiceLibrary.service1));
host.Opening += new EventHandler(host_Opening);
host.Opened += new EventHandler(host_Opened);
host.Closing += new EventHandler(host_Closing);
host.Closed += new EventHandler(host_Closed);
host.Faulted += new EventHandler(host_Faulted);

WSHttpBinding tcpBinding = new WSHttpBinding();
tcpBinding.TransactionFlow = false;
tcpBinding.Security.Mode = SecurityMode.Message;
tcpBinding.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;

// Add a endpoint

host.AddServiceEndpoint(typeof(ServiceLibrary.ISer vice1), tcpBinding,
urlService);

ServiceMetadataBehavior metadataBehavior;
metadataBehavior =
host.Description.Behaviors.Find<ServiceMetadataBeh avior>();
if (metadataBehavior == null)
{
metadataBehavior = new ServiceMetadataBehavior();
metadataBehavior.HttpGetUrl = new
Uri("http://localhost:8000/MyService");
metadataBehavior.HttpGetEnabled = true;
host.Description.Behaviors.Add(metadataBehavior);
}
ServiceCredentials serviceCred =
host.Description.Behaviors.Find<ServiceCredentials >();
if (serviceCred == null)
{
serviceCred = new ServiceCredentials();

serviceCred.UserNameAuthentication.UserNamePasswor dValidationMode =
UserNamePasswordValidationMode.Custom;

serviceCred.UserNameAuthentication.CustomUserNameP asswordValidator = new
MyCustomUserNameValidator();

host.Description.Behaviors.Add(serviceCred);
}
host.Open();

//-------------------------------------------------------------------

If i don't put "tcpBinding.Security.Message.ClientCredentialT ype =
MessageCredentialType.UserName;" service starts and works (if i exclude
authentication) but of cource authentication doesn't work.
Any ideas what might be wrong?

Thank you,
MuZZy
Jan 7 '07 #1
3 20118
Hello MuZzy,

For your WCF username secured service, I've performed some test on my local
environment and comparing the standard username(custom validator) service
configuration with yours. I found that what you've missed here is
configuring the service identity(server certificate for your
ServiceCredentials behavior). You can see it when you use the declartive
means(through app.config)

==========app.config===========
<system.serviceModel>
<services>
<service name="ServerApp.CalculatorService"
behaviorConfiguration="CalculatorServiceBehavior" >
<host>
<baseAddresses>

<add baseAddress ="http://localhost:8888/ServerApp"/>
</baseAddresses>
</host>

<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="Binding1"
contract="ServerApp.ICalculator" />
</service>
</services>

<bindings>
<wsHttpBinding>

<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="CalculatorServiceBehavior"
includeExceptionDetailInFaults="True">
<serviceCredentials>

<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="ServerApp.Cus tomUserNameValidator,
ServerApp" />

<serviceCertificate findValue="localhost"
storeLocation="LocalMachine" storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>

<serviceMetadata
httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
====================================

Here is my test code which programmatically configure the service
application conforms to the above app.config file

===========code ===================
static void RunCode()
{
Uri baseuri = new Uri("http://localhost:8888/ServerApp");
ServiceHost host = new ServiceHost(typeof(CalculatorService),
baseuri);
//configure endpoint and binding
WSHttpBinding wsbd = new WSHttpBinding(SecurityMode.Message);
wsbd.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;
//add endpoint for Icalculator
host.AddServiceEndpoint(typeof(ICalculator), wsbd, "");
// configure service behavior

ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;
host.Description.Behaviors.Add(smb);

ServiceCredentials scb = new ServiceCredentials();
scb.UserNameAuthentication.UserNamePasswordValidat ionMode =
System.ServiceModel.Security.UserNamePasswordValid ationMode.Custom;
scb.UserNameAuthentication.CustomUserNamePasswordV alidator =
new CustomUserNameValidator();

scb.ServiceCertificate.SetCertificate(StoreLocatio n.LocalMachine,
StoreName.My, X509FindType.FindBySubjectName, "localhost");
host.Description.Behaviors.Add(scb);

try
{
host.Open();

Console.WriteLine("The service is ready.");
Console.WriteLine("The service is running in the following
account: {0}", WindowsIdentity.GetCurrent().Name);
Console.WriteLine("Press <ENTERto terminate service.");
Console.WriteLine();
Console.ReadLine();
}
catch (Exception ex)
{

}
finally
{
host.Close();
}
}
=======================================

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.



Jan 8 '07 #2
Steven Cheng[MSFT] wrote:
Hello MuZzy,

For your WCF username secured service, I've performed some test on my local
environment and comparing the standard username(custom validator) service
configuration with yours. I found that what you've missed here is
configuring the service identity(server certificate for your
ServiceCredentials behavior). You can see it when you use the declartive
means(through app.config)

==========app.config===========
<system.serviceModel>
<services>
<service name="ServerApp.CalculatorService"
behaviorConfiguration="CalculatorServiceBehavior" >
<host>
<baseAddresses>

<add baseAddress ="http://localhost:8888/ServerApp"/>
</baseAddresses>
</host>

<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="Binding1"
contract="ServerApp.ICalculator" />
</service>
</services>

<bindings>
<wsHttpBinding>

<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="CalculatorServiceBehavior"
includeExceptionDetailInFaults="True">
<serviceCredentials>

<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="ServerApp.Cus tomUserNameValidator,
ServerApp" />

<serviceCertificate findValue="localhost"
storeLocation="LocalMachine" storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>

<serviceMetadata
httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
====================================

Here is my test code which programmatically configure the service
application conforms to the above app.config file

===========code ===================
static void RunCode()
{
Uri baseuri = new Uri("http://localhost:8888/ServerApp");
ServiceHost host = new ServiceHost(typeof(CalculatorService),
baseuri);
//configure endpoint and binding
WSHttpBinding wsbd = new WSHttpBinding(SecurityMode.Message);
wsbd.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;
//add endpoint for Icalculator
host.AddServiceEndpoint(typeof(ICalculator), wsbd, "");
// configure service behavior

ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;
host.Description.Behaviors.Add(smb);

ServiceCredentials scb = new ServiceCredentials();
scb.UserNameAuthentication.UserNamePasswordValidat ionMode =
System.ServiceModel.Security.UserNamePasswordValid ationMode.Custom;
scb.UserNameAuthentication.CustomUserNamePasswordV alidator =
new CustomUserNameValidator();

scb.ServiceCertificate.SetCertificate(StoreLocatio n.LocalMachine,
StoreName.My, X509FindType.FindBySubjectName, "localhost");
host.Description.Behaviors.Add(scb);

try
{
host.Open();

Console.WriteLine("The service is ready.");
Console.WriteLine("The service is running in the following
account: {0}", WindowsIdentity.GetCurrent().Name);
Console.WriteLine("Press <ENTERto terminate service.");
Console.WriteLine();
Console.ReadLine();
}
catch (Exception ex)
{

}
finally
{
host.Close();
}
}

But for that you have to have a SSL certificate installed on your
system, right?
Jan 9 '07 #3
Hi MuZZy,

Yes, when you use message security with the WSHttpBinding, it require the
service side to authenticate itself(to client) also. Therefore, you need to
provide a server certifricate for the service. At development time, you
can use a test service as the WCF username security sample does. At
production & deployment scenario, you need to purchase a server
certificate(such as SSL certificate) from some trust authority(like
verisign).

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
Jan 9 '07 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

14 posts views Thread by Brent Burkart | last post: by
1 post views Thread by Sudhakara.T.P. | last post: by
3 posts views Thread by dorrit.Riemenschneider | last post: by
reply views Thread by Gery D. Dorazio | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by zhoujie | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.