User authentication based on basicHttpBinding without certificate - wcf

I am trying to set up a web service which is to have a username and password in order to access the service. I am using this link as a guide http://www.codeproject.com/Articles/642997/Generate-username-authentication-based-on-basicHtt
I've hit an area where I can't get around the error below. With my config below I received this error message:
The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Basic'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
My config file is
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="customBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication
userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="Project.Services.MyService, Project.Services"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="MyBasicHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="customBehavior" name="Project.Services.MyService">
<endpoint address=""
binding="basicHttpBinding" bindingConfiguration="MyBasicHttpBinding"
contract="Project.Services.Interfaces.ITechnology">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost/Service/myService.svc" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
<appSettings>
<add key="userName" value="user1"/>
<add key="password" value="password"/>
</appSettings>
</configuration>
The WCF service is to be used with a Windows Phone 8 application. I've read several articles on the error and have set the endpoint address to "" but nothing I've done is working. I've had to go back to the above config as I think I was making too many changes which might just put me on the wrong track.
The service is hosted on my Local IIS (Win 8 64 bit pro + all updates).
Could anyone assist?

According to the error, you need to set up IIS to allow "Basic Authentication" on your service.
In the IIS management console, select the authentication tab and allow "Basic Authentication". Also, disable "Anonymous authentication".
If "Basic Authentication" is not there, you need to add this role to your IIS.
Check how to do it here.
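An added example, not part of the original question or answer: a small Python check that reads a WCF configuration like the one in the question and reports settings worth reviewing before the service is exposed (Basic credentials without TLS, a Transport-mode endpoint on an http address, exception details in faults, metadata over plain HTTP, literal secrets in appSettings). The rule names and the embedded sample config are constructed for illustration, and a binding without a security element is assumed to have mode None.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: a trimmed copy of the settings shown in the question above.
SAMPLE_CONFIG = """<configuration>
  <system.serviceModel>
    <behaviors><serviceBehaviors>
      <behavior name="customBehavior">
        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="true" />
      </behavior>
    </serviceBehaviors></behaviors>
    <bindings><basicHttpBinding>
      <binding name="MyBasicHttpBinding">
        <security mode="Transport"><transport clientCredentialType="Basic" /></security>
      </binding>
    </basicHttpBinding></bindings>
    <services>
      <service behaviorConfiguration="customBehavior" name="Project.Services.MyService">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBasicHttpBinding"
                  contract="Project.Services.Interfaces.ITechnology" />
        <host><baseAddresses>
          <add baseAddress="http://localhost/Service/myService.svc" />
        </baseAddresses></host>
      </service>
    </services>
  </system.serviceModel>
  <appSettings>
    <add key="userName" value="user1"/>
    <add key="password" value="password"/>
  </appSettings>
</configuration>"""

# Hypothetical rule constants for this example.
TLS_MODES = {"Transport", "TransportWithMessageCredential"}
SECRET_HINTS = ("password", "pwd", "secret")


def _bindings(root):
    """Map binding name -> (security mode, transport clientCredentialType)."""
    out = {}
    for b in root.iter("binding"):
        sec = b.find("security")
        tr = sec.find("transport") if sec is not None else None
        mode = sec.get("mode", "None") if sec is not None else "None"
        cred = tr.get("clientCredentialType", "None") if tr is not None else "None"
        out[b.get("name", "")] = (mode, cred)
    return out


def audit_wcf_config(xml_text):
    """Return a list of (rule_id, detail) findings for one config file."""
    root = ET.fromstring(xml_text)
    bindings, findings = _bindings(root), []
    for name, (mode, cred) in bindings.items():
        # TransportCredentialOnly carries the Basic header over plain HTTP.
        if mode == "TransportCredentialOnly" and cred == "Basic":
            findings.append(("BASIC_OVER_HTTP", f"binding {name}: Basic credentials sent without TLS"))
    for svc in root.iter("service"):
        bases = [a.get("baseAddress", "") for a in svc.iter("add")]
        for ep in svc.findall("endpoint"):
            mode, _ = bindings.get(ep.get("bindingConfiguration", ""), ("None", "None"))
            addr = ep.get("address", "")
            # An absolute endpoint address wins; otherwise the base addresses apply.
            for target in ([addr] if urlparse(addr).scheme else bases):
                if mode in TLS_MODES and urlparse(target).scheme == "http":
                    findings.append(("SCHEME_MISMATCH",
                                     f"{svc.get('name')}: mode {mode} needs https, address is {target}"))
    for dbg in root.iter("serviceDebug"):
        if (dbg.get("includeExceptionDetailInFaults") or "").lower() == "true":
            findings.append(("EXCEPTION_DETAIL", "faults return server exception details to callers"))
    for md in root.iter("serviceMetadata"):
        if (md.get("httpGetEnabled") or "").lower() == "true":
            findings.append(("METADATA_OVER_HTTP", "service metadata is served over plain HTTP"))
    for settings in root.iter("appSettings"):
        for add in settings.findall("add"):
            key = add.get("key", "")
            if any(h in key.lower() for h in SECRET_HINTS) and add.get("value"):
                findings.append(("PLAINTEXT_SECRET", f"appSettings key '{key}' holds a literal value"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_wcf_config(SAMPLE_CONFIG):
        print(rule, "-", detail)
```

Under IIS the site bindings, not the baseAddress in the file, decide which schemes are actually served, so a SCHEME_MISMATCH finding is a prompt to check that the site has an https binding.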

Related

Using Static WAN IP Address for WCF in IIS

I have set up a WCF service hosted in IIS. The server that it is hosted on does not have a DNS Name (no domain), just an external static WAN IP address.
When I try to connect to the service in either iOS or Windows client using MEX to generate proxies, it uses the domain name which cannot be resolved and fails.
The WSDL document contains links that could not be resolved.
- There was an error downloading 'https://blah.com.au/NimThaiService.svc?xsd=xsd3'.
- The remote name could not be resolved: 'blah.com.au'
How can I change my Web config file or configure IIS so that instead of using the domain name it uses the static IP.
I need the MEX to be https://123.123.123.123/NimThaiService.svc
I've tried to follow directions in other articles. For example one suggests to add <useRequestHeadersForMetadataAddress />. But when I do that I get an error saying that the resource cannot be found.
My Web config file is as follows:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="true"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="NimThaiService.Authenticator, NimThaiService" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="NimThaiService.NimThaiService">
<endpoint address="https://mystaticwanipaddress:443/NimThaiService.svc" binding="basicHttpBinding" contract="NimThaiService.INimThaiService" bindingConfiguration="secureHttpBinding">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange">
<identity>
<dns value="mystaticwanipaddress" />
</identity>
</endpoint>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
After some more research I managed to fix this by adding an attribute to the serviceMetadata node.
I needed to add the "httpsGetUrl" attribute as follows:
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="http://mystaticwanipaddress/NimThaiService.svc/basic" />

WCF Binding to HTTPS

I understand that there are many posts about this, and I've been through all of them that came up on my search and implemented everything that was mentioned. I have a WCF web service that works on my local system on HTTP, and it worked on the server on HTTP. But the client requires that this works through HTTPS. The myriad of posts on this and other sites shows me that this is not as straightforward as it should be, since before this, the ASMX web service "just worked" and didn't need complicated configuration.
I'm getting the following error with my current configuration:
Could not find a base address that matches scheme https for the
endpoint with binding WSHttpBinding. Registered base address schemes
are [http].
Here is my code as of this moment, after trying for days to configure this to work to no avail:
<system.serviceModel>
<!-- -->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" >
<baseAddressPrefixFilters>
<add prefix="https://mysite.com"/>
<add prefix="http://mysite.com"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
<!-- Set up Custom Behaviors -->
<behaviors>
<endpointBehaviors>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="WebPostService.WebPostServiceBehavior">
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="WebPostServices.svc/mex" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<!-- Set up the binding configuration -->
<bindings>
<wsHttpBinding>
<binding name="SOAPBinding"
>
<security mode="Transport">
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service
behaviorConfiguration="WebPostService.WebPostServiceBehavior"
name="WebPostService.WebPostService"
>
<host>
<baseAddresses>
<add baseAddress="https://mysite.com/Services/WebPostService.svc"/>
</baseAddresses>
</host>
<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="SOAPBinding"
contract="WebPostService.IWebPostService"
>
<identity>
<dns value="mysite.com" />
</identity>
</endpoint>
<endpoint
address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange"
>
</endpoint>
</service>
</services>
</system.serviceModel>
What am I doing wrong and how can I get this to work over HTTPS? I'm frustrated that this is not as simple as it should be. I have been buried in WCF documentation at MSDN for the months working on this project, and have a good grasp of services, end-points and bindings --- enough to frustrate me even more than if I had no knowledge at all.
UPDATE: Still working on this, I had an odd error when trying to put the full URL for the mex address. I changed to this:
address="https://prcwebs.com/Services/WebPostService.svc/mex"
and got the error:
Security settings for this service require Windows Authentication but
it is not enabled for the IIS application that hosts this service.
I'm not trying to use Windows Authentication, the security setting wasn't changed and is still set to
<security mode="Transport" />
Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http]
- was not helpful, nothing mentioned that would help
Could not find a base address that matches scheme http for the endpoint with binding WSHttpBinding
- I'm using transport security, this does not apply. tried changing to different security modes, still could not get site to work.
Add multipleSiteBindingsEnabled="true" to the serviceHostingEnvironment and update the security to disable client credentials:
<security mode="Transport">
<transport clientCredentialType="None"></transport>
</security>
EDIT
My final working version under windows 2003 was with the following config.
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="false" />
<!-- Set up Custom Behaviors -->
<behaviors>
<endpointBehaviors>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="WebPostService.WebPostServiceBehavior">
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="WebPostServices.svc/mex" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<!-- Set up the binding configuration -->
<bindings>
<wsHttpBinding>
<binding name="SOAPBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WebPostService.WebPostServiceBehavior"
name="WcfService2.Service1">
<host>
<baseAddresses>
<add baseAddress="https://localhost/Service/Service1.svc"/>
</baseAddresses>
</host>
<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="SOAPBinding"
contract="WcfService2.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange">
</endpoint>
</service>
</services>
</system.serviceModel>
You can access the website with https so I guess the certificate part of the installation is correct. If you have anything you want to compare with my setup, let me know.
You are using the wrong bindings for HTTPS.
There are two separate binding classes, wsHttpBinding and wsHttpsBinding; notice the s.
You need to add a wsHttpsBinding for HTTPS under bindings and you need a new endpoint for that binding.
Also, I typically see the particular error you are getting when IIS hasn't been set up for https from that location.
Open IIS Manager
Open Sites
Right click on Default Web Site.
Edit Bindings
Ensure that there is an entry for https as well as http.
Open IIS Manager
Find your application (I think it's going to be Default Web Site).
Right click
Manage Website/Application
Advanced Settings
Enabled Protocols
http,https
I used this and it worked for me, maybe it can help you
To enable the Https on WCF WsHttp bindings, there are some simple steps that should be changed in the web.config file.
Those steps are:
Enable transport level security in the web.config file of the service:
In this step you need to change the security mode from none to Transport. The code below shows how you can do it:
<bindings>
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
Tie up the binding and specify the HTTPS configuration
You now need to associate the bindings from the previous step with the endpoints. Use the bindingConfiguration tag to specify the binding name. You also need to specify the address where the service is hosted. The code below shows how you can do it:
<service name="WCFWSHttps.Service1" behaviorConfiguration="WCFWSHttps.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="https://localhost/WCFWSHttps/Service1.svc" binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WCFWSHttps.IService1"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
You also need to change httpGetEnabled to httpsGetEnabled in the serviceMetadata. The code below shows how you can do it:
<serviceMetadata httpsGetEnabled="true"/>
Hope it helped
I've used your exact configuration in a 3.5 setting and it works with Transport mode using clientCredentialType="None" as mentioned below in Luuk's answer. But just to be sure, I went ahead and created a sample project to simulate as much of your environment as I could gather from the information here.
To simulate your environment I set my IIS (7.5) to use standard Asp.Net 2.0 Integrated app pool. I added 3 http bindings and 3 https bindings in order to simulate your "can have only one address per scheme issue" and baseAddressPrefixFilters works with that.
I only did a search and replace on mysite.com to localhost. Below is the copy paste of exact configuration that I used to produce the screenshot:
web.config
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" />
<authentication mode="None"/>
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<!-- -->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true">
<baseAddressPrefixFilters>
<add prefix="https://localhost"/>
<add prefix="http://localhost"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
<!-- Set up Custom Behaviors -->
<behaviors>
<endpointBehaviors/>
<serviceBehaviors>
<behavior name="WebPostService.WebPostServiceBehavior">
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="WebPostServices.svc/mex"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<!-- Set up the binding configuration -->
<bindings>
<wsHttpBinding>
<binding name="SOAPBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WebPostService.WebPostServiceBehavior" name="WebPostService.WebPostService">
<host>
<baseAddresses>
<add baseAddress="https://localhost/Services/WebPostService.svc"/>
</baseAddresses>
</host>
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="SOAPBinding" contract="WebPostService.IWebPostService">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
</system.serviceModel>
</configuration>
Here's the result:
You'll notice that WebPostService.svc appears twice in the mex full URL. You need to change httpsGetUrl to be only mex instead of WebPostService.svc/mex (or drop it altogether, and it still works fine on my side).
If you'd like to discuss this or what could be different between our environments besides IIS version, I'm in the WPF chat room almost all day (another 5-6 hours).

Where, when and how to specify servicePrincipalName in identity element of certificate based WCF services?

I've got a WCF enabled Windows service on our server which I'd like to consume. Both server and client should have appropriate certificates in their stores so these certificates can be used to secure the communication.
I'm not very experienced in WCF configuration and it turns out to be a nightmare with lots of different settings and elements, not all of them documented as well as I would have wished.
The relevant part of my current client configuration is as follows (it seems that the code formatting doesn't work properly on the version of IE I have to use, hopefully I'll fix that later at home):
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBinding">
<security mode="Message">
<message
clientCredentialType="Certificate"
negotiateServiceCredential="false"
algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="wsHttpCertificateBehavior">
<clientCredentials>
<clientCertificate
findValue="MyCert"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName"/>
<serviceCertificate>
<authentication
certificateValidationMode="PeerOrChainTrust"
revocationMode="NoCheck"
trustedStoreLocation="LocalMachine"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint
address="http://someserver:1234/wcf/service/"
behaviorConfiguration="wsHttpCertificateBehavior"
binding="wsHttpBinding"
contract="SomeNamespace.ISomeInterface"
name="wsHttpEndpoint">
<identity>
<servicePrincipalName value="what to put here?"/>
<certificateReference
findValue="MyCert"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName"/>
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
The server configuration is like this:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
<system.serviceModel>
<services>
<service
name="Os2CentralWcf.CentralAdUserManager"
behaviorConfiguration="wsHttpCertificateBehavior">
<host>
<baseAddresses>
<add baseAddress="http://someserver:1234/wcf/service/"/>
</baseAddresses>
</host>
<endpoint
address=""
binding="wsHttpBinding"
bindingConfiguration="wsHttpEndpointBinding"
contract="SomeNamespace.ISomeInterface"
name="wsHttpEndpoint">
<identity>
<dns value="MyCert"/>
</identity>
</endpoint>
<endpoint
address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange"
name="mexEndpoint"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Message">
<message
establishSecurityContext="false"
negotiateServiceCredential="false"
clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="wsHttpCertificateBehavior">
<serviceMetadata
httpGetEnabled="true"
httpsGetEnabled="false"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceAuthorization principalPermissionMode="None"/>
<serviceCredentials>
<clientCertificate>
<authentication
certificateValidationMode="PeerOrChainTrust"
revocationMode="NoCheck"/>
</clientCertificate>
<serviceCertificate
findValue="MyCert"
storeLocation="LocalMachine"
x509FindType="FindBySubjectName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
When not specifying a servicePrincipalName in the client's configuration, I get the following:
System.ServiceModel.Security.MessageSecurityException: Client cannot determine the Service Principal Name based on the identity in the target address 'http://someserver:1234/wcf/service' for the purpose of SspiNegotiation/Kerberos. The target address identity must be a UPN identity (like acmedomain\alice) or SPN identity (like host/bobs-machine).
When trying to add such an element (e.g. <servicePrincipalName value="HOST/someserver:1234"/>, as suggested in the post referred to below), I end up with:
System.ServiceModel.Security.SecurityNegotiationException: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.
Now my actual question is whether I have to use the identity sub-element at all (the error message seems to indicate this, but I don't understand why). I also couldn't find any detailed documentation about what to put in the dns element and how to specify a servicePrincipalName (if really needed - this post didn't really help either).
Running both client and server (service) locally within Visual Studio 2010 works fine.
I hope I supplied enough information, otherwise please feel free to ask - Unfortunately WCF configuration seems to be quite confusing if you start digging deeper into it...
Update
Using basicHttpBinding at the moment to be able to get both parties to communicate with each other works fine, locally as well as on the server.
This exception can be fixed, it is really weird. You can get rid of it by adding a line to your App.config or Web.config.
<endpoint address ="" binding ="wsHttpBinding" contract="System.ServiceModel.Routing.IRequestReplyRouter">
<identity >
<dns value ="localhost"/>
</identity>
</endpoint>
Adding this line worked for me.
The identity tag in endpoint section will.
Hope this helps

wcf with basic authentication through reverse proxy

I have a Web Service which uses basic authentication with ssl through a reverse proxy. It has already cost me quite some time to figure out how to get this working and I still fail to get it fully working.
If you type the URL https://domain.com/service.svc into the browser, it asks for credentials and, if they are correct, you get the overview page of the service.
So that seems to be okay.
But when I try to add the Service to Visual Studio 2010, I get the following error:
Metadata contains a reference that cannot be resolved:
The document format is not recognized (the content type is 'text/html; charset=utf-8').
Metadata contains a reference that cannot be resolved: 'https://domain.com/service.svc'.
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm=NTLM'.
The remote server returned an error: (401) Unauthorized.
If the service is defined in the current solution, try building the solution and adding the service reference again.
Here is my web.config
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="MyBinding">
<!--<httpsTransport authenticationScheme="Basic"/>-->
<security mode="TransportCredentialOnly">
<transport clientCredentialType="None" proxyCredentialType="Basic" realm="" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="WcfService1.PortalService" behaviorConfiguration="NorthwindBehavior">
<host>
<baseAddresses>
<add baseAddress="https://domain.com/" />
</baseAddresses>
</host>
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" contract="WcfService1.IPortalService">
<!--<identity>
<servicePrincipalName value=""/>
</identity>-->
</endpoint>
<!--<endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="MyBinding" name="mex" contract="WcfService1.IPortalService"></endpoint>-->
</service>
</services>
<serviceHostingEnvironment>
<baseAddressPrefixFilters>
<add prefix="https://domain.com/"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
<!--<extensions>
<bindingElementExtensions>
<add name="httpsViaProxyTransport" type="WcfService1.HttpsViaProxyTransportElement, WcfService1"/>
</bindingElementExtensions>
</extensions>
<bindings>
<customBinding>
<binding name="UserNamePasswordSecured">
<textMessageEncoding />
<security authenticationMode="UserNameOverTransport" />
<httpsViaProxyTransport />
</binding>
</customBinding>
</bindings>-->
<behaviors>
<serviceBehaviors>
<behavior name="NorthwindBehavior">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
<serviceAuthorization principalPermissionMode="UseAspNetRoles"/>
<serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/></serviceCredentials>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="SampleEndpointBehavior">
<!--<wsdlExtensions location="http://domain.com/PortalService.svc" singleFile="true"/> -->
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
I tried numerous things like following this post: http://blog.hackedbrain.com/2006/09/26/how-to-ssl-passthrough-with-wcf-or-transportwithmessagecredential-over-plain-http/ but was not very successful.
I also tried to add site bindings to http because the wsdl is generating the server name instead of the domain name, so maybe there is something wrong at that end as well...
So hopefully someone can provide me with some pointers!
Note that the web.config file has some 'junk' in it because of trying with million different settings...

Windows authentication not working - ORA-01017: invalid username/password; logon denied

I have a Silverlight application which fetches data from a WCF Service hosted under a Windows Service which runs under the "Local System" account, i.e. NT AUTHORITY/SYSTEM.
I have enabled Windows Authentication on this WCF service using the below in my App.config
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="webHttpBehavior">
<webHttp/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="defaultServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="winAuthBasicHttpBinding" openTimeout="05:00" sendTimeout="05:00" >
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
<services>
<service behaviorConfiguration="defaultServiceBehavior" name="DataService.CrossDomainService">
<endpoint address="" behaviorConfiguration="webHttpBehavior" binding="webHttpBinding" contract="DataService.ICrossDomainService">
<identity>
<dns value="107.0.0.12"/>
</identity>
</endpoint>
<host>
<baseAddresses>
<add baseAddress="http://107.0.0.12:2035/"/>
</baseAddresses>
</host>
</service>
<service behaviorConfiguration="defaultServiceBehavior" name="DataService.NewDataService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="winAuthBasicHttpBinding" contract="DataService.INewDataService">
<identity>
<dns value="107.0.0.12"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="http://107.0.0.12:2035/DataService/"/>
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
I have also enabled Windows Authentication in the connection string for Oracle using Integrated Security=SSPI as below:
<connectionStrings>
<add name="netTiersConnectionString" connectionString="Data Source=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=107.0.0.17)(PORT=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=SVC001)));Integrated Security=SSPI; Min Pool Size= 1; Max Pool Size= 5;" />
</connectionStrings>
Now when the Silverlight app makes a call to the WCF Service, the database connection happens using NT AUTHORITY/SYSTEM account instead of domainname/username credentials of the logged in user in the Silverlight app which itself uses Windows Authentication. Hence I get the invalid username error.
The same configurations work fine when I host the WCF service in a console application. But when I host it in a Windows service, it runs under a Local System account and hence I guess this issue.
What can I do so that the database connection is made using windows authentication credentials of logged in user and not the Local System account?
Thanks,
Pankaj Chamria
I found the answer thanks to a reply on CodeProject (see here & here).
I just needed to force impersonation on every WCF Service function that made a call to the Oracle database. The way to do it is adding the below attribute on every OperationContract implementation.
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
A possible approach is to run your WCF service with IIS and configure it to use impersonation:
<configuration>
<system.web>
<identity impersonate="true" />
</system.web>
</configuration>
I can't tell you whether you can achieve the same with a Windows service.