WCF serviceAuthenticationManager and TransportSecurity

I have a WCF web service (RTM RT.).

I want to provide IPrincipal and IIdentity user capabilities, so I decided to provide my own ServiceAuthenticationManager.

It is strange that an instance of ServiceAuthenticationManager is created, but the authentication method is not called.

So, when I have such a server configuration

    <system.serviceModel>
      <protocolMapping>
        <add scheme="https" binding="basicHttpBinding" />
      </protocolMapping>
      <behaviors>
        <serviceBehaviors>
          <behavior name="EntityServiceBehavior">
            <serviceAuthenticationManager
                authenticationSchemes="None"
                serviceAuthenticationManagerType="Belrost.Communication.EntityServiceAuthenticationManager, Belrost.Communication" />
            <serviceAuthorization
                impersonateCallerForAllOperations="false"
                principalPermissionMode="Custom"
                serviceAuthorizationManagerType="Belrost.Communication.EntityServiceAuthorizationManager, Belrost.Communication" />
            <serviceCredentials>
              <serviceCertificate
                  findValue="test.local"
                  x509FindType="FindBySubjectName"
                  storeLocation="LocalMachine"
                  storeName="My" />
            </serviceCredentials>
            <serviceDebug
                includeExceptionDetailInFaults="true"
                httpsHelpPageEnabled="true"
                httpsHelpPageUrl="https://test.local/service/belrost-help" />
            <serviceMetadata
                httpsGetEnabled="true"
                httpsGetUrl="https://test.local/service/belrost-meta" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
      <bindings>
        <basicHttpBinding>
          <binding name="EntityServiceBinding">
            <security mode="Transport">
              <transport clientCredentialType="None" />
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <services>
        <service name="Belrost.Server.EntityService" behaviorConfiguration="EntityServiceBehavior">
          <endpoint
              address="https://test.local/service/belrost"
              binding="basicHttpBinding"
              bindingConfiguration="EntityServiceBinding"
              bindingNamespace="http://schemas.triflesoft.org/"
              contract="Belrost.Communication.IEntityContract" />
        </service>
      </services>
    </system.serviceModel>

The authentication method is called, but authorization information is not provided due to clientCredentialType = "None".

When I change None to Basic everywhere, the Authenticate method is no longer called (however, the breakpoint in the EntityServiceAuthenticationManager constructor is deleted), and I get a SecurityTokenValidationException with the message "LogonUser failed for user 'test'. Make sure the user has a valid Windows account."
