I've been tasked with building a basic admin app. The app needs an ASP.NET front end which talks to a number of back end services using WCF.
One requirement is that the users of the app are authenticated using Windows authentication. I can do this no problem if the app logic were contained in the ASP.NET app, but I have no idea how to perform authentication within the back end WCF services?
- Is it possible to pass credentials through to a WCF service and have it perform the authentication?
It depends... (Note most of this is based on HTTP/IIS as the transport, could be different if using TCP or other bindings)
WCF itself can be setup to use Transport or Message security using the current running credentials.
If the WCF service (and anything it needs to talk with using the current credential) is on the same box as the ASP>NET front end you will probably be ok
...otherwise you could be heading for "Double Hop Authentication" trouble. Basically windows auth will get an "impersonation" identity on the webserver which is fine locally, but it does not have permission authenticate off of the web server. To do that you need a "delegation" identity.
The options that I am aware of for getting a delegation identity are Kerberos and Basic Authentication.
So if when you say "windows authentication" you really mean everyone (client and all servers) are on the same AD domain you might ok.
I have an ASP.NET site using Windows Authentication which needed to call a WCF service which has Anonymous and Windows Authentication enabled. The problem I had was to pass the Windows Credentials to the WCF service.
To do so I did the following
In the Web.config of the site, I made sure my WCF bindings used windows authentication: security mode="TransportCredentialOnly"
transport clientCredentialType="Windows"
IN IIS, I created an App Pool using .Net 4 and Classic Managed Pipeline Mode
In my website authentication settings
Anonymous Auth - Disabled
ASP.NET Impersonation - Enabled
Windows Auth - Enabled
That is what worked for me.
来源:https://stackoverflow.com/questions/488676/asp-net-wcf-service-requires-windows-authentication