WCF, WebHttp Binding, and Authentication
If you’re trying to build REST-enabled services with WCF, you’ll want to use the webHTTP Binding.
This binding defaults to anonymous handling, so if you’re planning on doing any authorization you need to change the binding configuration.
This took me ages to figure out, largely because the webHttp binding is new and not well documented.
To change the binding to support NTLM or Windows authentication, add the following node to the system.servicemodel in your app.config:
-
<bindings>
-
<webHttpBinding>
-
<binding name="varkBinding">
-
<security mode="TransportCredentialOnly">
-
<transport clientCredentialType="Ntlm" />
-
</security>
-
</binding>
-
</webHttpBinding>
-
</bindings>
Note that you can supply one of five values to the mode attribute: None, Basic, Digest Windows, NTLM, and Certificate.
Once you’ve picked the one you want, in your service definition, specify your new binding from the bindingConfiguration attribute:
-
<service behaviorConfiguration="SyndicationBehavior"
-
name="Yourapp.Yourservice">
-
<endpoint address="http://localhost:8000/url"
-
behaviorConfiguration="SomeBehavior"
-
binding="webHttpBinding" bindingConfiguration="varkBinding"
-
contract="YourContract.IYourService" />
-
</service>
And all calls to your REST service should be made with a valid windows network identity.
In your serviceCode, you can retrieve it from the System.ServiceModel namespace:
-
ServiceSecurityContext.Current.WindowsIdentity
Oh, and if you’re not comfortable with editing the XML files, or you’d like to explore the dizzying array of other available options in WCF, I also discovered the Microsoft Service Configuration Editor (possibly someone had discovered it before me. ) It lives at C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\SvcConfigEditor.exe. It gives you a simple(ish) visual way to edit WCF Configuration files.
UPDATE: JustinJSmith over at The Cybertopian Chronicle points out that it’s even easier to invoke the config editor – you just right click on your app.config, and select “Edit WCF Configuration” (duh…)
Related Posts
- WCF Instance Context
- Creating Dummy Targets for Configuration Objects
- Using WCF for REST, Part 1
- 3 Useful Visual Studio Tricks for Spark Templates
Thank you for your post! I would have been lost without it to reinforce my assumptions. My problem was my code, of course.
Hello,
There is no security mode value of “TransportCredentialOnly”.
There are only four possible values;
None
Message
Transport
TransportWithMessageCredential
I am wrong. For webHttpBinding, there is TransportCrendentialOnly mode. I didn’t realize I was looking at the security modes for WSHttpBinding.
Hey An, don’t feel bad – It happens to the best of us
I’ve made that mistake myself more than once!
[...] Dan Rigsby » REST Services and Metadata Endpoints in WCF WCF, WebHttp Binding, and Authentication [...]
Hello,
I am trying to build REST-enabled services with WCF, you’ll want to use the webHTTP Binding. But i have to use the clientCredentialType=”Certificate” .
In this case the binding will be –
I created the service certificate in my dev environment and associated the service with it. (I don’t intend to use the client certificate.) I had to make the following changes –
and the base address had to be changed to –
Had to make it HTTPS from HTTP. The service starts up but the problem is i am not able to browse the URL using the browser. I was able to browse when the security was not implemented with the URI.
Please help me to solve this issue.
Thanks
Thanks for the post.
I am trying to implement schema validation on my web service.
Is this possible?
I have found many articles about schema validation and wsHttpBinding, but not webHttpBinding.
Thanks,
Darren
Hey Darren,
We haven’t tried using schema validation with webHttpBinding. It should be possible, but you’ll have to much of the work manually. The webHttpBinding is designed for returning HTML, JSON, or plain old XML (POX) services.