I have a WCF service (which accesses a database) on a Windows 2008 machine (IIS 7.5) called from Excel (VSTO - the Excel client is on the internal network) through a WebClient (uses a GET call through REST / webHttpBinding).
I want to pass user credentials to WCF. Then I want the method in the service to access the database as a person who is registered on the workstation from which Excel is initiated, but I return 401 (Unauthorized).
On the client I have (the note "base" refers to the WebClient class, which inherits my class): -
base.Credentials = CredentialCache.DefaultCredentials; base.OpenReadCompleted += new OpenReadCompletedEventHandler(ReadJsonStringAsyncComplete); base.OpenReadAsync(new Uri(address));
As part of the service, I have: -
[OperationContract] [WebInvoke(Method = "GET", UriTemplate = "/GetSomeData", RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json)] SomeDataClass GetSomeData();
Service Configuration: -
<service name="zzzz.Service.xxxx.xxxx" behaviorConfiguration="DataExtractBehavior"> <endpoint address="" binding="webHttpBinding" bindingConfiguration="DataExtractBinding" behaviorConfiguration="MyEndpointBehavior" contract="zzzz.Service.xxxx.Ixxxx"> </endpoint> </service> ... <serviceBehaviors> <behavior name="DataExtractBehavior"> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> <etwTracking profileName="EndToEndMonitoring Tracking Profile" /> </behavior> </serviceBehaviors> ... <webHttpBinding> <binding name="DataExtractBinding"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows" ></transport> </security> </binding> </webHttpBinding> </bindings> ...
ConnectionString includes "integrated security=SSPI"
Notes:
- When I call a dummy method that just returns a string (without database calls), I get a successful response (no problem)
- Inside the WCF service, as far as I can see (via tracing), it falls on database calls (possibly because it cannot log in / authenticate using the database)
- Also in WCF methods, the ServiceSecurityContext.Current.WindowsIdentity property seems null
- I can access the methods inside the service when it is located on my workstation (it connects to the local database instance): problems arise when I deploy to the development machine that I do not have the same privileges on
- I tried NetworkCredentials (default and hardcoded userIs / password / domain)
- I have Windows authentication and ASP.NET mode is on (I tried only Windows Auth with Anon / ASP.NET / nothing else with mixed results - only another return code never failed)
- Impersonation is not currently installed, however I tried to set it to true (received 500)
Does anyone know how to successfully send user credentials in the above scenario (and therefore resolve the problem with HTTP 401).
Yours faithfully
Travis
source share