
WCF - override Windows Authentication

There are two domains: domainA.com and domainB.com.

There is a WCF service hosted in domainA.com which uses Windows authentication to identify users.

This works fine as long as only users from domainA use the service. Unfortunately, users from domainB will soon need to use this service too, and the Windows authentication fails when connecting from a domainB account.

Is it possible to override the Windows authentication by pointing it to domainB LDAP? If not, do you have any other solutions on how to authenticate domainB users in such a case?

One solution that I have found would be switching from Windows to UserName clientCredentialType, prompting the user for username and password, and then having a custom UserNamePasswordValidator validate against domainB LDAP. However, if possible, I would like to avoid prompting users for a password.

Do you have any advice?

Use the DirectoryEntry class. The first param of the constructor is for the domain; then just put in the user and password. Without a trust between the domains you would have to change the domain for the domain you want to auth the user against.

If an exception is thrown the user was not authenticated.

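using System.DirectoryServices;

// LDAPUser, LDAPPass, authflags (an AuthenticationTypes value) and ErrorMsg are declared elsewhere.
// The ADSI provider prefix is case-sensitive, so the path must start with "LDAP://".
using (DirectoryEntry de = new DirectoryEntry("LDAP://mydomain.com:389", LDAPUser, LDAPPass, authflags))
{
    try
    {
        // Reading NativeObject forces the bind to the directory.
        Object obj = de.NativeObject;
    }
    catch (Exception ex)
    {
        // The bind failed: the user was not authenticated.
        ErrorMsg = ex.Message;
    }
}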
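
The custom UserNamePasswordValidator mentioned in the question, combined with the DirectoryEntry bind from the answer, as an added example that is not part of either original post. The class name and the `LDAP://dc.domainB.com:389` host are hypothetical placeholders; the validator is registered through `userNameAuthentication` with `userNamePasswordValidationMode="Custom"`.

```csharp
using System;
using System.DirectoryServices;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Runtime.InteropServices;

// Hypothetical validator for domainB users (name is an assumption).
public class DomainBLdapValidator : UserNamePasswordValidator
{
    // Placeholder domain controller for domainB; replace with the real host.
    private const string LdapPath = "LDAP://dc.domainB.com:389";

    public override void Validate(string userName, string password)
    {
        // Reject empty values before binding: an LDAP simple bind with an
        // empty password is an unauthenticated bind that a server may accept,
        // which would matter if the flags below were ever changed.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            throw new SecurityTokenException("Invalid credentials.");

        try
        {
            // AuthenticationTypes.Secure requests a Negotiate (Kerberos/NTLM)
            // bind, so the password is not sent as a cleartext simple bind.
            using (var de = new DirectoryEntry(LdapPath, userName, password,
                                               AuthenticationTypes.Secure))
            {
                // The constructor does not contact the server;
                // reading NativeObject forces the bind.
                object bound = de.NativeObject;
                if (bound == null)
                    throw new SecurityTokenException("Invalid credentials.");
            }
        }
        catch (COMException)
        {
            // DirectoryServicesCOMException (bad credentials) derives from
            // COMException, as do server-unreachable errors. Fail closed and
            // return a generic message so directory details do not reach the caller.
            throw new SecurityTokenException("Invalid credentials.");
        }
    }
}
```

UserName credentials travel in the message, so the binding must use transport or message security for this validator to be safe to deploy.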

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 