WCF Web Service Authentication Based on AD Groups

I have a WCF web service that is used by a C# client application, and I also have 4 groups that are stored in Active Directory. The client application must connect to this web service by passing login credentials.

Demand:

  • Limit web service functionality based on a Windows user credential group stored in AD (Active Directory)
  • Passing specific user credentials from a client application to this web service

Question:

How to authenticate or verify the user's logon when connecting to this web service? Which function of the event handler will be called to verify the registered user credentials?

If anyone knows about this, please let me know.

+5
1 answer

You need to separate two concepts:

  • AUTHENTICATION is the process of determining who is calling you, and making sure that he is actually who he claims to be; this can be done using a username/password, Windows credentials (he has already authenticated on his Windows machine through the system login), or by requiring the caller to have some information (a certificate)

  • AUTHORIZATION is the process, once you know who is calling you, of determining what this caller can do (or what he cannot do)

Active Directory, WCF, Windows. - Windows , wsHttpBinding netTcpBinding. Windows , , ServiceSecurityContext.Current.WindowsIdentity:

    WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;

Intranet - . , wsHttp netTcp ( netTcp ).

- X.509, AD . .

, . , , . [PrincipalPermission(....)] , , , , .

    // Requires: using System.Security.Permissions;
    [PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]
    [PrincipalPermission(SecurityAction.Demand, Name = "JohnDoe")]
    public string SayHello(string caller)
    {
        // ...
    }

"PrincipalPermission", "OR" -fashion - - , .

4 WCF , .

+10
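
A self-hosted service showing both steps the answer separates, as an added example that is not part of the original answer: Windows authentication on netTcpBinding, then authorization by AD group, once with a declarative PrincipalPermission demand and once with an imperative check on ServiceSecurityContext.Current.WindowsIdentity. The contract, the group names `CONTOSO\OrderReaders` and `CONTOSO\OrderAdmins`, and the endpoint address are hypothetical.

```csharp
using System;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

[ServiceContract]
public interface IOrders
{
    [OperationContract] string Read(int id);
    [OperationContract] void Delete(int id);
}

public class OrdersService : IOrders
{
    // Declarative check: the demand fails before the body runs
    // unless the caller is a member of the (hypothetical) AD group.
    [PrincipalPermission(SecurityAction.Demand, Role = @"CONTOSO\OrderReaders")]
    public string Read(int id) { return "order " + id; }

    // Imperative check against the authenticated Windows identity.
    public void Delete(int id)
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        if (!new WindowsPrincipal(caller).IsInRole(@"CONTOSO\OrderAdmins"))
            throw new SecurityAccessDeniedException("Access is denied.");
    }
}

public static class Program
{
    public static void Main()
    {
        // Transport security with Windows credentials authenticates the caller.
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;

        using (var host = new ServiceHost(typeof(OrdersService)))
        {
            host.AddServiceEndpoint(typeof(IOrders), binding, "net.tcp://localhost:9000/orders");
            // Resolve PrincipalPermission roles against Windows/AD groups (the default mode).
            host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.UseWindowsGroups;
            host.Open();
            Console.WriteLine("Listening; press Enter to stop.");
            Console.ReadLine();
        }
    }
}
```

A caller outside the required group receives an access-denied fault on the client side; the group check happens on the service, so the client cannot bypass it by skipping its own UI restrictions.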
