使用WCF Web服务时如何对客户端进行身份验证？

Question

I want to authenticate a client while consuming a Web service. I see a property exposed in the Client called ClientCredential in which we can pass username and password. How can I pass this information to my WCF web service and how can i authenticate the user ID and password?

Answer 1

If you want to use the ClientCredential with Username / Password, you need to configure that in the client side app.config like this - either use transport or message security, whichever works for you, and then specify

<system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="UserNameSecurity">
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </basicHttpBinding>

and then you need to use this binding configuration "UserNameSecurity" in your endpoint on the client:

    <client>
      <endpoint address="http://localhost:8888/MyService"
                binding="basicHttpBinding" bindingConfiguration="UserNameSecurity"
                contract="IMyService" />

On the server side, you need to define how to authenticate the user - either using Windows (Active Directory Domain), or using the ASP.NET membership providers (and their associated user database):

  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="Default">
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

In this case, your username/password will be checked against the ASP.NET membership database.

If this is all on an intranet, internally in a company, I would however rather use the integrated Windows security all around - it's much easier to setup and use, and more reliable and secure. But it only works inside the company, inside the corporate firewalls.

Marc