WCF UserName authentication

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

MuZZy - 07 Jan 2007 05:56 GMT

HI,

I'm trying to implement username authentication for a WCF service
(hosted in ServiceHost, not IIS) and once service starts it gets to
Faulted state if i specify:

tcpBinding.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;

Here's the piece of code where service is being started (all settings,
e.g. endpoints, behaviors are set in code - there is no app.config in
the project):

//////-------------------------------
urlService = "http://localhost:8000/MyService";

host = new ServiceHost(typeof(ServiceLibrary.service1));
host.Opening += new EventHandler(host_Opening);
host.Opened += new EventHandler(host_Opened);
host.Closing += new EventHandler(host_Closing);
host.Closed += new EventHandler(host_Closed);
host.Faulted += new EventHandler(host_Faulted);

WSHttpBinding tcpBinding = new WSHttpBinding();
tcpBinding.TransactionFlow = false;
tcpBinding.Security.Mode = SecurityMode.Message;
tcpBinding.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;

// Add a endpoint

host.AddServiceEndpoint(typeof(ServiceLibrary.IService1), tcpBinding,
urlService);

ServiceMetadataBehavior metadataBehavior;
metadataBehavior =
host.Description.Behaviors.Find<ServiceMetadataBehavior>();
if (metadataBehavior == null)
{
    metadataBehavior = new ServiceMetadataBehavior();
metadataBehavior.HttpGetUrl = new
Uri("http://localhost:8000/MyService");
metadataBehavior.HttpGetEnabled = true;
host.Description.Behaviors.Add(metadataBehavior);
}
ServiceCredentials serviceCred =
host.Description.Behaviors.Find<ServiceCredentials>();
if (serviceCred == null)
{
    serviceCred = new ServiceCredentials();

serviceCred.UserNameAuthentication.UserNamePasswordValidationMode =
UserNamePasswordValidationMode.Custom;

serviceCred.UserNameAuthentication.CustomUserNamePasswordValidator = new
MyCustomUserNameValidator();

    host.Description.Behaviors.Add(serviceCred);
}
host.Open();

//-------------------------------------------------------------------

If i don't put "tcpBinding.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;" service starts and works (if i exclude
authentication) but of cource authentication doesn't work.

Any ideas what might be wrong?

Thank you,
MuZZy

Reply to this Message

Steven Cheng[MSFT] - 08 Jan 2007 11:43 GMT

Hello MuZzy,

For your WCF username secured service, I've performed some test on my local
environment and comparing the standard username(custom validator) service
configuration with yours. I found that what you've missed here is
configuring the service identity(server certificate for your
ServiceCredentials behavior). You can see it when you use the declartive
means(through app.config)

==========app.config===========
<system.serviceModel>
        <services>
            <service name="ServerApp.CalculatorService"
                    behaviorConfiguration="CalculatorServiceBehavior" >
                <host>
                    <baseAddresses>

                        <add baseAddress ="http://localhost:8888/ServerApp"/>
                    </baseAddresses>
                </host>

                <endpoint address=""
                        binding="wsHttpBinding"
                        bindingConfiguration="Binding1"
                        contract="ServerApp.ICalculator" />
            </service>
        </services>

        <bindings>
            <wsHttpBinding>

                <binding name="Binding1">
                    <security mode="Message">
                        <message clientCredentialType="UserName" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>
        <behaviors>
            <serviceBehaviors>
                <behavior name="CalculatorServiceBehavior"
includeExceptionDetailInFaults="True">
                    <serviceCredentials>

                        <userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="ServerApp.CustomUserNameValidator,
ServerApp" />

                        <serviceCertificate findValue="localhost"
storeLocation="LocalMachine" storeName="My"
x509FindType="FindBySubjectName" />
                    </serviceCredentials>

                    <serviceMetadata
                        httpGetEnabled="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>
    </system.serviceModel>
====================================

Here is my test code which programmatically configure the service
application conforms to the above app.config file

===========code ===================
static void RunCode()
{
Uri baseuri = new Uri("http://localhost:8888/ServerApp");

ServiceHost host = new ServiceHost(typeof(CalculatorService),
baseuri);

//configure endpoint and binding
WSHttpBinding wsbd = new WSHttpBinding(SecurityMode.Message);
wsbd.Security.Message.ClientCredentialType =
MessageCredentialType.UserName;

//add endpoint for Icalculator
host.AddServiceEndpoint(typeof(ICalculator), wsbd, "");

// configure service behavior

ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;
host.Description.Behaviors.Add(smb);

ServiceCredentials scb = new ServiceCredentials();
scb.UserNameAuthentication.UserNamePasswordValidationMode =
System.ServiceModel.Security.UserNamePasswordValidationMode.Custom;
scb.UserNameAuthentication.CustomUserNamePasswordValidator =
new CustomUserNameValidator();

scb.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My, X509FindType.FindBySubjectName, "localhost");
host.Description.Behaviors.Add(scb);

try
{
host.Open();

Console.WriteLine("The service is ready.");
Console.WriteLine("The service is running in the following
account: {0}", WindowsIdentity.GetCurrent().Name);
Console.WriteLine("Press <ENTER> to terminate service.");
Console.WriteLine();
Console.ReadLine();
}
catch (Exception ex)
{

}
finally
{
host.Close();
}
}
=======================================

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Reply to this Message

MuZZy - 09 Jan 2007 02:05 GMT

> Hello MuZzy,
>
[quoted text clipped - 117 lines]
> }
> }

But for that you have to have a SSL certificate installed on your
system, right?

Reply to this Message

Steven Cheng[MSFT] - 09 Jan 2007 11:45 GMT

Hi MuZZy,

Yes, when you use message security with the WSHttpBinding, it require the
service side to authenticate itself(to client) also. Therefore, you need to
provide a server certifricate for the service. At development time, you
can use a test service as the WCF username security sample does. At
production & deployment scenario, you need to purchase a server
certificate(such as SSL certificate) from some trust authority(like
verisign).

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

Reply to this Message

WCF UserName authentication

Free Magazines