Environment:
SharePoint Foundation hosted at http://subdomain.mydomain.com
WCF service hosted at http://anothersubdomain.mydomain.com
When I go to my SharePoint site, I'm being asked for my Windows credentials. This is normal, I enter them and I can access the site.
Now, if I navigate to my WCF service, I have to enter my Windows credentials again to have access to the service.
Is this something that can be fixed so I have some kind of a "single sign-on" between my 2 sites?
Thanks,
Alex
As you are already using Windows Authentication, I would highly recommend you use Kerberos. You would eliminate the need to enter credentials in either location.
Related
A WCF service is hosted on our internal server. An external client will consume it, and our service will consume our SharePoint service in order to edit an item list.
The WCF service will have to automatically obtain the Windows authentication to access the SharePoint site, so I do not have to provide a login and password nor domain name.
I am not sure how I am supposed to code my service:
NetworkCredential credential = CredentialCache.DefaultNetworkCredentials;
will be enough?
Architecture
But if you do need to use a specific account you could go for the following:
NetworkCredential credentials = new System.Net.NetworkCredential("name", "password", "optional:domain");
IMO, it should be enough if your WCF and SharePoint services are in the same (or trusted) domains and you select the appropriate security mode.
See for more details:
http://msdn.microsoft.com/en-us/library/ms733836.aspx
I am working on an ASP.NET application which will interact with WCF services that will be hosted on local machines on IIS.
In order for these WCF services to be hosted, what rights does the user have to have when they log in? Do they have to have Admin rights on the machine?
P.S.: I know that WCF services should not be hosted on individual local machines, so please do not start the discussion on that. All I want to know is what rights the logged-in user needs to have in order to make WCF services available to the application.
It really depends on how you set up the service. You can configure the website to allow anonymous access and set up your WCF binding to basicHttp binding with a security mode of None. That should allow any logged in user to run the site. This would NOT restrict users to only the one(s) logged in to the local machine, if that is what you are looking for.
You are dealing with two levels of security here. You will define your access in IIS to allow users to use the site. Then you will set up the WCF service to allow the IIS site to access it. If you are using pass-through authentication, then you will need to authorize the individual users, perhaps with a local group? Otherwise you need to authorize the identity that IIS is running the site under. So users do not need to be administrators, unless you specifically demand that role in IIS or WCF.
I have a separate layer with WCF services.
And I have a SharePoint website.
The aim is to allow login for mobile devices to the WCF layer and at the same time to the SharePoint website.
SharePoint will be used like a secured database.
I need to somehow check the user when he logs in to the WCF layer, and the hard part is to authenticate him in the SharePoint website.
I need any help because I really don't know a lot about this topic. I will appreciate any answers.
Your WCF service will not connect to the web pages of the SharePoint site; it will connect to SharePoint's web services.
Mobile devices are limited in the authentication they support. Windows authentication may not be supported. So basicHttpBinding using basic authentication over SSL is probably the best option. Send the username and password as part of the call, then you can use this username and password in the web service call to the SharePoint web services.
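The binding suggested in the answer above, written out as service configuration. This is an added example, not part of the original answer; the service, contract and binding names are hypothetical. It places the plain-HTTP variant next to the TLS one because the two differ only in the security mode attribute.

```xml
<!-- Added example: Example.MobileGateway, Example.IMobileGateway and the binding names are hypothetical. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- Weak: the HTTP Basic header (base64 of user:password) travels over plain HTTP. -->
      <binding name="basicNoTls">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Basic" />
        </security>
      </binding>
      <!-- Corrected: same credential type, but the channel must be HTTPS. -->
      <binding name="basicOverTls">
        <security mode="Transport">
          <transport clientCredentialType="Basic" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="Example.MobileGateway">
      <!-- Only the TLS binding is exposed; basicNoTls is defined for contrast and is not referenced. -->
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="basicOverTls"
                contract="Example.IMobileGateway" />
    </service>
  </services>
</system.serviceModel>
```

When the service is hosted in IIS, the site also needs an HTTPS binding and Basic authentication enabled for this endpoint to activate.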
Please help. Half of the kingdom for a correct answer!!!
Is it possible to use WCF Windows authentication with the anonymous access option? My WCF service is deployed in the AD domain, and there are some clients outside of the domain. Can I use Windows authentication to get client credentials for users that are in the AD and at the same time allow access to users who are not in the domain? Thanks.
P.S. Sorry for poor English.
To do this you need to create a service configuration that exposes two different endpoints. One endpoint would use your current config. The new endpoint would be for the non-AD clients and you would configure it using the options listed here. For anonymous access, you could pick an unsecured client configuration. If your service host is IIS, you may need to have two different sites/applications because I believe enabling Windows authentication will disable anonymous access.
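A sketch of the two-endpoint layout described in the answer above. This is an added example, not the poster's configuration; all service, contract and binding names are hypothetical. It assumes the existing endpoint uses message-level Windows credentials, and it gives the anonymous endpoint its own narrower contract so that operations meant for domain users are not reachable without an identity.

```xml
<!-- Added example: Example.OrderService and both contract names are hypothetical. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <!-- Domain clients: Windows credentials are negotiated inside the SOAP message. -->
      <binding name="domainClients">
        <security mode="Message">
          <message clientCredentialType="Windows" />
        </security>
      </binding>
    </wsHttpBinding>
    <basicHttpBinding>
      <!-- Non-domain clients: no authentication and no message protection. -->
      <binding name="anonymousClients">
        <security mode="None" />
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="Example.OrderService">
      <!-- Full contract, reachable only with a Windows identity. -->
      <endpoint address="domain"
                binding="wsHttpBinding"
                bindingConfiguration="domainClients"
                contract="Example.IOrderService" />
      <!-- Reduced contract: only operations that are safe for unauthenticated callers. -->
      <endpoint address="public"
                binding="basicHttpBinding"
                bindingConfiguration="anonymousClients"
                contract="Example.IPublicOrderService" />
    </service>
  </services>
</system.serviceModel>
```

With message-level security the Windows authentication happens in WCF rather than in IIS, so under this assumption both endpoints can sit in one IIS application that has anonymous authentication enabled.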
I would like to use WCF (Windows Communication Foundation) with Windows authentication.
Do I need Active Directory for this purpose?
How does the server know about the identity of the client?
If someone can find out the password of the client that is using the WCF services, can he create the same user name on a different computer and use the password to access the WCF services?
Yes, if you want to use Windows authentication, you need Active Directory as the source where the user gets validated.
The way this happens is by means of a user "token" - when your client logs into his PC with his Windows credentials, the login process will check with AD whether the user is legit and issue a "token". This token is then used in calls to a WCF service to determine who it is that is calling the service.