473,389 Members | 1,119 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,389 software developers and data experts.

WCF UserName authentication

HI,

I'm trying to implement username authentication for a WCF service
(hosted in ServiceHost, not IIS) and once service starts it gets to
Faulted state if i specify:

tcpBinding.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;

Here's the piece of code where service is being started (all settings,
e.g. endpoints, behaviors are set in code - there is no app.config in
the project):
//////-------------------------------
urlService = "http://localhost:8000/MyService";

host = new ServiceHost(typeof(ServiceLibrary.service1));
host.Opening += new EventHandler(host_Opening);
host.Opened += new EventHandler(host_Opened);
host.Closing += new EventHandler(host_Closing);
host.Closed += new EventHandler(host_Closed);
host.Faulted += new EventHandler(host_Faulted);

WSHttpBinding tcpBinding = new WSHttpBinding();
tcpBinding.TransactionFlow = false;
tcpBinding.Security.Mode = SecurityMode.Message;
tcpBinding.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;

// Add a endpoint

host.AddServiceEndpoint(typeof(ServiceLibrary.ISer vice1), tcpBinding,
urlService);

ServiceMetadataBehavior metadataBehavior;
metadataBehavior =
host.Description.Behaviors.Find<ServiceMetadataBeh avior>();
if (metadataBehavior == null)
{
metadataBehavior = new ServiceMetadataBehavior();
metadataBehavior.HttpGetUrl = new
Uri("http://localhost:8000/MyService");
metadataBehavior.HttpGetEnabled = true;
host.Description.Behaviors.Add(metadataBehavior);
}
ServiceCredentials serviceCred =
host.Description.Behaviors.Find<ServiceCredentials >();
if (serviceCred == null)
{
serviceCred = new ServiceCredentials();

serviceCred.UserNameAuthentication.UserNamePasswor dValidationMode =
UserNamePasswordValidationMode.Custom;

serviceCred.UserNameAuthentication.CustomUserNameP asswordValidator = new
MyCustomUserNameValidator();

host.Description.Behaviors.Add(serviceCred);
}
host.Open();

//-------------------------------------------------------------------

If i don't put "tcpBinding.Security.Message.ClientCredentialT ype =
MessageCredentialType.UserName;" service starts and works (if i exclude
authentication) but of cource authentication doesn't work.
Any ideas what might be wrong?

Thank you,
MuZZy
Jan 7 '07 #1
3 20313
Hello MuZzy,

For your WCF username secured service, I've performed some test on my local
environment and comparing the standard username(custom validator) service
configuration with yours. I found that what you've missed here is
configuring the service identity(server certificate for your
ServiceCredentials behavior). You can see it when you use the declartive
means(through app.config)

==========app.config===========
<system.serviceModel>
<services>
<service name="ServerApp.CalculatorService"
behaviorConfiguration="CalculatorServiceBehavior" >
<host>
<baseAddresses>

<add baseAddress ="http://localhost:8888/ServerApp"/>
</baseAddresses>
</host>

<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="Binding1"
contract="ServerApp.ICalculator" />
</service>
</services>

<bindings>
<wsHttpBinding>

<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="CalculatorServiceBehavior"
includeExceptionDetailInFaults="True">
<serviceCredentials>

<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="ServerApp.Cus tomUserNameValidator,
ServerApp" />

<serviceCertificate findValue="localhost"
storeLocation="LocalMachine" storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>

<serviceMetadata
httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
====================================

Here is my test code which programmatically configure the service
application conforms to the above app.config file

===========code ===================
static void RunCode()
{
Uri baseuri = new Uri("http://localhost:8888/ServerApp");
ServiceHost host = new ServiceHost(typeof(CalculatorService),
baseuri);
//configure endpoint and binding
WSHttpBinding wsbd = new WSHttpBinding(SecurityMode.Message);
wsbd.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;
//add endpoint for Icalculator
host.AddServiceEndpoint(typeof(ICalculator), wsbd, "");
// configure service behavior

ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;
host.Description.Behaviors.Add(smb);

ServiceCredentials scb = new ServiceCredentials();
scb.UserNameAuthentication.UserNamePasswordValidat ionMode =
System.ServiceModel.Security.UserNamePasswordValid ationMode.Custom;
scb.UserNameAuthentication.CustomUserNamePasswordV alidator =
new CustomUserNameValidator();

scb.ServiceCertificate.SetCertificate(StoreLocatio n.LocalMachine,
StoreName.My, X509FindType.FindBySubjectName, "localhost");
host.Description.Behaviors.Add(scb);

try
{
host.Open();

Console.WriteLine("The service is ready.");
Console.WriteLine("The service is running in the following
account: {0}", WindowsIdentity.GetCurrent().Name);
Console.WriteLine("Press <ENTERto terminate service.");
Console.WriteLine();
Console.ReadLine();
}
catch (Exception ex)
{

}
finally
{
host.Close();
}
}
=======================================

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.



Jan 8 '07 #2
Steven Cheng[MSFT] wrote:
Hello MuZzy,

For your WCF username secured service, I've performed some test on my local
environment and comparing the standard username(custom validator) service
configuration with yours. I found that what you've missed here is
configuring the service identity(server certificate for your
ServiceCredentials behavior). You can see it when you use the declartive
means(through app.config)

==========app.config===========
<system.serviceModel>
<services>
<service name="ServerApp.CalculatorService"
behaviorConfiguration="CalculatorServiceBehavior" >
<host>
<baseAddresses>

<add baseAddress ="http://localhost:8888/ServerApp"/>
</baseAddresses>
</host>

<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="Binding1"
contract="ServerApp.ICalculator" />
</service>
</services>

<bindings>
<wsHttpBinding>

<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="CalculatorServiceBehavior"
includeExceptionDetailInFaults="True">
<serviceCredentials>

<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="ServerApp.Cus tomUserNameValidator,
ServerApp" />

<serviceCertificate findValue="localhost"
storeLocation="LocalMachine" storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>

<serviceMetadata
httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
====================================

Here is my test code which programmatically configure the service
application conforms to the above app.config file

===========code ===================
static void RunCode()
{
Uri baseuri = new Uri("http://localhost:8888/ServerApp");
ServiceHost host = new ServiceHost(typeof(CalculatorService),
baseuri);
//configure endpoint and binding
WSHttpBinding wsbd = new WSHttpBinding(SecurityMode.Message);
wsbd.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;
//add endpoint for Icalculator
host.AddServiceEndpoint(typeof(ICalculator), wsbd, "");
// configure service behavior

ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;
host.Description.Behaviors.Add(smb);

ServiceCredentials scb = new ServiceCredentials();
scb.UserNameAuthentication.UserNamePasswordValidat ionMode =
System.ServiceModel.Security.UserNamePasswordValid ationMode.Custom;
scb.UserNameAuthentication.CustomUserNamePasswordV alidator =
new CustomUserNameValidator();

scb.ServiceCertificate.SetCertificate(StoreLocatio n.LocalMachine,
StoreName.My, X509FindType.FindBySubjectName, "localhost");
host.Description.Behaviors.Add(scb);

try
{
host.Open();

Console.WriteLine("The service is ready.");
Console.WriteLine("The service is running in the following
account: {0}", WindowsIdentity.GetCurrent().Name);
Console.WriteLine("Press <ENTERto terminate service.");
Console.WriteLine();
Console.ReadLine();
}
catch (Exception ex)
{

}
finally
{
host.Close();
}
}

But for that you have to have a SSL certificate installed on your
system, right?
Jan 9 '07 #3
Hi MuZZy,

Yes, when you use message security with the WSHttpBinding, it require the
service side to authenticate itself(to client) also. Therefore, you need to
provide a server certifricate for the service. At development time, you
can use a test service as the WCF username security sample does. At
production & deployment scenario, you need to purchase a server
certificate(such as SSL certificate) from some trust authority(like
verisign).

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
Jan 9 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

14
by: John Davis | last post by:
Anyone knows how to create the username/password authorization dialog in ASP? Thanks, John
3
by: Newbie | last post by:
I am a newsbie to ASP but need to get a script together that will insert the Windows Username of the local machine into an access database. I get the errors from my code below, can anyone help me...
14
by: Brent Burkart | last post by:
I am trying to capture the Windows Authenticated username, but I want to be able to capture the login name that exists in IIS, not Windows. In order to enter my company's intranet through the...
8
by: Raj Thakkar | last post by:
Hi, I am currenty working on a site for intranet. I have a user control in the header of every page that will be displayed only if people with certain username are surfing the site. These lists...
8
by: Noel Volin | last post by:
Anyone who can help here is much appreciated. I am trying to programmatically log onto a website. I am using the code provided in VS for the AuthenticationManager Class example (...
1
by: Sudhakara.T.P. | last post by:
Hi, I have an application in VB.NET windows application, wherein the administrator has the option to change the authentication mode ie., whether the application should work as a normal database...
0
by: JimLad | last post by:
Hi, I've been tasked with reviewing the Authentication and Auditing of an application and database. ASP/ASP.NET 1.1 app with SQL Server 2000 database. Separate audit trail database on same...
3
by: dorrit.Riemenschneider | last post by:
I need to validate a user with username and password against our OpenLDAP active directory. This is my code: Private bool ValidateUser (string username, string password) { DirectoryEntry...
0
by: Gery D. Dorazio | last post by:
The SQL Server 2005 security database that is installed for an ASP.NET V2.0 web app has the UserName and LoweredUserName in the aspnet_User table. It appears that the only way the UserName is set...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.