如何使用WCF满足IIS基本身份验证

Question

I'm trying to do a Basic Authentication on IIS using WCF.

I developed a RESTFul webservice and enabled SSL. I pass user name and password through

HttpContext.Current.Request.Headers["Authorization"],

and I use these informations to set HttpContext.Current.User to a new genericPrincipal() .

Eventually the property HttpContext.Current.User.Identity.IsAuthenticated stay "true" However the response I receive is "401 Unauthorized" . So my question is, How can I satisfy IIS Basic Authentication?

Web.Config

<?xml version="1.0" encoding="UTF-8"?>
            <system.serviceModel>
               <services>
                  <service name="Agfa.ChannelServiceRest.PrivateServices" behaviorConfiguration="PrivateBehaviors">
                     <endpoint contract="Agfa.ChannelServiceRest.IPrivateServices" 
                               binding="webHttpBinding" 
                               bindingConfiguration="Secure" 
                               behaviorConfiguration="Web" 
                               name="PrivateBehaviors" />
                  </service>
               </services>
               <bindings>
                  <webHttpBinding>
                     <binding name="Secure">
                        <security mode="Transport">
                           <transport clientCredentialType="Basic" />
                        </security>
                     </binding>
                  </webHttpBinding>
               </bindings>
               <behaviors>
                  <endpointBehaviors>
                     <behavior name="Web">
                        <webHttp />
                     </behavior>
                  </endpointBehaviors>
                  <serviceBehaviors>
                     <behavior name="PrivateBehaviors">
                        <serviceMetadata httpsGetEnabled="true" />
                        <serviceDebug includeExceptionDetailInFaults="false" />
                     </behavior>
                  </serviceBehaviors>
               </behaviors>
               <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
            </system.serviceModel>`

Answer 1

Are you passing the credentials over in the proper format for Basic Authentication?

Authorization Basic -base64(username:password)

 string credentials = string.Format("{0}:{1}", _username, _password);
 requestProperty.Headers["Authorization"] = string.Format("Basic {0}", Convert.ToBase64String(UTF8Encoding.UTF8.GetBytes(credentials)));

This so link describes a similar problem.

Answer 2

I found the issue! IIS only allows, Active Directory users. So to use Basic Authentication on IIS you need add the users you wish give access to Microsoft Active Directory.