WCF, WebHttp Binding, and Authentication

If you’re trying to build REST-enabled services with WCF, you’ll want to use the webHttpBinding.

This binding defaults to anonymous handling, so if you’re planning on doing any authorization you need to change the binding configuration.

This took me ages to figure out, largely because the webHttp binding is new and not well documented.

To change the binding to support NTLM or Windows authentication, add the following node to the system.serviceModel section of your app.config:

    <bindings>
      <webHttpBinding>
        <binding name="varkBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm" />
          </security>
        </binding>
      </webHttpBinding>
    </bindings>

Note that you can supply one of five values to the mode attribute: None, Basic, Digest, Windows, NTLM, and Certificate.

Once you’ve picked the one you want, point your service definition at the new binding with the bindingConfiguration attribute:

    <service behaviorConfiguration="SyndicationBehavior"
             name="Yourapp.Yourservice">
      <endpoint address="http://localhost:8000/url"
                behaviorConfiguration="SomeBehavior"
                binding="webHttpBinding" bindingConfiguration="varkBinding"
                contract="YourContract.IYourService" />
    </service>

And all calls to your REST service should be made with a valid Windows network identity.

In your service code, you can retrieve that identity through ServiceSecurityContext, which lives in the System.ServiceModel namespace:

    ServiceSecurityContext.Current.WindowsIdentity
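
The binding and the identity lookup put together as a self-hosted service that also makes an authorization decision. This is an added example, not code from the original post; IReportService, ReportService and the EXAMPLE\Report Readers group are hypothetical names.

```csharp
// Added example. Hypothetical names: IReportService, ReportService, EXAMPLE\Report Readers.
using System;
using System.Net;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Web;

[ServiceContract]
public interface IReportService
{
    [OperationContract, WebGet(UriTemplate = "whoami")]
    string WhoAmI();
}

public class ReportService : IReportService
{
    public string WhoAmI()
    {
        // Current may be null if the endpoint ends up on a binding with no security.
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        WindowsIdentity caller = ctx == null ? null : ctx.WindowsIdentity;
        // Authentication only says who is calling; group membership decides access.
        bool allowed = caller != null && caller.IsAuthenticated && !caller.IsAnonymous
            && new WindowsPrincipal(caller).IsInRole(@"EXAMPLE\Report Readers");
        if (!allowed)
        {
            var response = WebOperationContext.Current.OutgoingResponse;
            response.StatusCode = HttpStatusCode.Forbidden;
            response.SuppressEntityBody = true;
            return null;
        }
        return caller.Name;
    }
}

public static class Program
{
    public static void Main()
    {
        // Same settings as varkBinding. TransportCredentialOnly authenticates the caller
        // but does not encrypt; WebHttpSecurityMode.Transport is the HTTPS variant.
        var binding = new WebHttpBinding(WebHttpSecurityMode.TransportCredentialOnly);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
        using (var host = new WebServiceHost(typeof(ReportService), new Uri("http://localhost:8000/url")))
        {
            host.AddServiceEndpoint(typeof(IReportService), binding, "");
            host.Open();
            Console.ReadLine(); // keep the host alive until Enter is pressed
        }
    }
}
```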

Oh, and if you’re not comfortable with editing the XML files, or you’d like to explore the dizzying array of other available options in WCF, I also discovered the Microsoft Service Configuration Editor (possibly someone had discovered it before me). It lives at C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\SvcConfigEditor.exe. It gives you a simple(ish) visual way to edit WCF configuration files.

UPDATE: JustinJSmith over at The Cybertopian Chronicle points out that it’s even easier to invoke the config editor - you just right click on your app.config, and select “Edit WCF Configuration” (duh…)

5 Comments so far »

  1. rdecarlo73 said,

    Wrote on July 7, 2008 @ 9:27 pm

    Thank you for your post! I would have been lost without it to reinforce my assumptions. My problem was my code, of course.

  2. An Phu said,

    Wrote on August 25, 2008 @ 4:41 pm

    Hello,

    There is no security mode value of “TransportCredentialOnly”.

    There are only four possible values;
    None
    Message
    Transport
    TransportWithMessageCredential

  3. An Phu said,

    Wrote on August 25, 2008 @ 4:50 pm

    I am wrong. For webHttpBinding, there is TransportCredentialOnly mode. I didn’t realize I was looking at the security modes for WSHttpBinding.

  4. Gordon said,

    Wrote on August 25, 2008 @ 7:03 pm

    Hey An, don’t feel bad - It happens to the best of us ;)

    I’ve made that mistake myself more than once!

  5. Rinsing the SOAP from WCF (or, RESTful WCF Hyperlink Acupuncture) | The Freak Parade said,

    Wrote on August 28, 2008 @ 10:31 pm

    [...] Dan Rigsby » REST Services and Metadata Endpoints in WCF WCF, WebHttp Binding, and Authentication [...]
