WCF 4 REST with User Basic Authentication over SSL in IIS

Question

WCF 4 REST with User Basic Authentication over SSL in IIS

I'm looking for a complete walkthrough or sample project for deploying a RESTful service using .NET 4.0 using custom basic authentication over HTTPS hosted on IIS.

I have been searching for 3 days, and I can find either an implementation with WCF 3.5, which is very different, either without custom basic authentication or without SSL.

I basically implemented the REST service in WCF 4 and added SSL, but I cannot use user authentication using my user user database.

Any links would be really appreciated.

+4

rest ssl iis wcf

Julz Aug 9 '11 at 9:38

source share

3 answers

It is currently not possible to use the available WCF extension points.

+1

Phil degenhardt Aug 9 '11 at 23:50

source share

I struggled with this for a while and ended up just using basic auth in my service. Check WebOperationContext.Current.IncomingRequest.Headers for the Authorization header. If it is missing or the credentials do not match the set request header and return status 401:

WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"myrealm\""); throw new WebFaultException<string>("Username and password needed", HttpStatus.Unauthorized);

This is enough to force the browser to request credentials from the user. See http://tools.ietf.org/html/rfc2617 , http://ithoughthecamewithyou.com/post/Basic-HTTP-auth-for-an-IIS-hosted-WCF-4-RESTful-service.aspx for more details. for more information about this disappointing missing feature.

0

Robert Ellison Sep 04 '11 at 21:52

source share

Ladislav Mrnka · Accepted Answer · 2011-08-10T08:47:02+0000

Perhaps with a custom HTTP module that allows basic authentication using a special credential store. The built-in module in IIS only supports Windows accounts.

WCF 4 REST with User Basic Authentication over SSL in IIS

More articles: