Vista - WCF Windows Authentication - How to?

04-29-2009

Hi everyone,

I have a simple requirement to create a web service and be able to
determine the identities of clients connecting to it (ie. if I'm
logged in as Me@xxxxxx and I call some method on the service, the
service should be able to grab this info and perform some custom
authentication, perhaps look up "Me@xxxxxx" in a database table). The
problem I'm having is that when I debug a call on the service and look
at the Thread.CurrentThread's identity information, all I see is the
NETWORK SERVICE account name rather than the identity of the caller.
It was my impression that the calls would be serviced under the
context of the calling client, so I must have something set up wrong.
Can anyone lend a hand? This is what I've done :

WCF SERVICE
===========
1) In the constructor I execute the following line of code :

AppDomain.CurrentDomain.SetPrincipalPolicy
(System.Security.Principal.PrincipalPolicy.WindowsPrincipal);

2) In the Web.config, I've set the binding to netTcpbinding which uses
transport level security and Windows Auth by default

<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<services>
<service behaviorConfiguration="MyServiceBehavior"
name="MyOwnService.MyOwnService">
<endpoint address="" binding="netTcpBinding"
bindingConfiguration="MyTestBinding"
contract="MyOwnService.IMyOwnService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:49910/MyOwnService/" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="MyTestBinding" />
</netTcpBinding>
</bindings>

<behaviors>
<serviceBehaviors>
<behavior name="MyServiceBehavior">
<serviceMetadata httpGetEnabled="false"/

<serviceDebug
includeExceptionDetailInFaults="True"/>
<dataContractSerializer
maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>

WINDOWS SERVICE
================
Since I'm using netTcpBinding, I can't host it in IIS versions < 7.0,
so I chose to host it in a windows service, which I've set up to run
under the NETWORK SERVICE account.

CLIENT
=====
The client's app.config is generated via svcutil, and is as follows :

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_MyOwnService"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00"
transactionFlow="false"
transferMode="Buffered" transactionProtocol="OleTransactions"

hostNameComparisonMode="StrongWildcard" listenBacklog="10"
maxBufferPoolSize="10524288"
maxReceivedMessageSize="2147483647" maxConnections="10"

Quote:

>

04-29-2009

Hello,

I'm not sure what the source of the confusion is, but I'll try and
clarify matters further.

Quote:

> Why is the Web.config *not set to wsHTTPBindings? Is this or is this not WCF
> Web Service?
> Is this IIS 7 or not?

The reason why it's not set to wsHttpBinding is because I would rather
go with netTcpBinding for speed. The netTcpBinding already supports
everything I need it for, I'm just missing something simple that I
can't figure out.

Quote:

> > WINDOWS SERVICE
> > ================
> > Since I'm using netTcpBinding, I can't host it in IIS versions < 7.0,
> > so I chose to host it in a windows service, which I've set up to run
> > under the NETWORK SERVICE account.

>
> What is hosting WCF *is it a Windows service or IIS? Is there more thanone
> WCF service being hosted?

Quote:

> I know that machine that is hosting IIS7 can host a WCF Web service, tcp/ip,
> Named Pipe, ect, etc WCF service all on the same machine.

As I mentioned above, netTcpBinding cannot be hosted by IIS versions <
7.0 (I'm using 6.0), therefore I'm hosting it in a windows service.

Quote:

> What I don't understand is the infrastructure of this solution?

Windows service running under a NETWORK SERVICE account hosting a WCF
service using netTcpBinding.

Thanks

04-29-2009	#1 (permalink)
vpabloortiz n/a posts	WCF Windows Authentication - How to? Hi everyone, I have a simple requirement to create a web service and be able to determine the identities of clients connecting to it (ie. if I'm logged in as Me@xxxxxx and I call some method on the service, the service should be able to grab this info and perform some custom authentication, perhaps look up "Me@xxxxxx" in a database table). The problem I'm having is that when I debug a call on the service and look at the Thread.CurrentThread's identity information, all I see is the NETWORK SERVICE account name rather than the identity of the caller. It was my impression that the calls would be serviced under the context of the calling client, so I must have something set up wrong. Can anyone lend a hand? This is what I've done : WCF SERVICE =========== 1) In the constructor I execute the following line of code : AppDomain.CurrentDomain.SetPrincipalPolicy (System.Security.Principal.PrincipalPolicy.WindowsPrincipal); 2) In the Web.config, I've set the binding to netTcpbinding which uses transport level security and Windows Auth by default <?xml version="1.0"?> <configuration> <system.serviceModel> <services> <service behaviorConfiguration="MyServiceBehavior" name="MyOwnService.MyOwnService"> <endpoint address="" binding="netTcpBinding" bindingConfiguration="MyTestBinding" contract="MyOwnService.IMyOwnService"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange" /> <host> <baseAddresses> <add baseAddress="net.tcp://localhost:49910/MyOwnService/" /> </baseAddresses> </host> </service> </services> <bindings> <netTcpBinding> <binding name="MyTestBinding" /> </netTcpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="MyServiceBehavior"> <serviceMetadata httpGetEnabled="false"/ <serviceDebug includeExceptionDetailInFaults="True"/> <dataContractSerializer maxItemsInObjectGraph="2147483647" /> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel> <system.web> <compilation debug="true"/> </system.web> </configuration> WINDOWS SERVICE ================ Since I'm using netTcpBinding, I can't host it in IIS versions < 7.0, so I chose to host it in a windows service, which I've set up to run under the NETWORK SERVICE account. CLIENT ===== The client's app.config is generated via svcutil, and is as follows : <?xml version="1.0" encoding="utf-8"?> <configuration> <system.serviceModel> <bindings> <netTcpBinding> <binding name="NetTcpBinding_MyOwnService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="10524288" maxReceivedMessageSize="2147483647" maxConnections="10" Quote: > <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Transport"> <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" /> <message clientCredentialType="Windows" /> </security> </binding> </netTcpBinding> </bindings> <client> <endpoint address="net.tcp://localhost:49910/ MyOwnService/" binding="netTcpBinding" bindingConfiguration="NetTcpBinding_MyOwnService" contract="MyOwnServiceReference.MyOwnService" name="NetTcpBinding_MyOwnService"> <identity> <dns value="localhost" /> </identity> </endpoint> </client> </system.serviceModel> </configuration>
My System Specs

04-29-2009	#2 (permalink)
vpabloortiz n/a posts	Re: WCF Windows Authentication - How to? Hello, I'm not sure what the source of the confusion is, but I'll try and clarify matters further. Quote: > Why is the Web.config not set to wsHTTPBindings? Is this or is this not WCF > Web Service? > Is this IIS 7 or not? The reason why it's not set to wsHttpBinding is because I would rather go with netTcpBinding for speed. The netTcpBinding already supports everything I need it for, I'm just missing something simple that I can't figure out. Quote: Quote: > > WINDOWS SERVICE > > ================ > > Since I'm using netTcpBinding, I can't host it in IIS versions < 7.0, > > so I chose to host it in a windows service, which I've set up to run > > under the NETWORK SERVICE account. > > What is hosting WCF is it a Windows service or IIS? Is there more thanone > WCF service being hosted? Quote: > I know that machine that is hosting IIS7 can host a WCF Web service, tcp/ip, > Named Pipe, ect, etc WCF service all on the same machine. As I mentioned above, netTcpBinding cannot be hosted by IIS versions < 7.0 (I'm using 6.0), therefore I'm hosting it in a windows service. Quote: > What I don't understand is the infrastructure of this solution? Windows service running under a NETWORK SERVICE account hosting a WCF service using netTcpBinding. Thanks
My System Specs

Similar Threads
Thread	Forum
Kerberos authentication support in Windows Mail	Vista mail
IIS 7.0 on Vista Home Premium (Windows Authentication)	Vista General
Vista + VPN + SQL server + Windows Authentication mode	Vista security
Windows mail SMTP authentication	Vista mail
Windows authentication fails locally but not remotely	Vista security