SharePoint 2010 WCF Custom Service - Windows and FBA Authentication

I have set up SharePoint 2010 for claims-based authentication using Windows and form-based authentication (FBA) for external users. I also need to develop custom WCF services. The problem is that I want Windows credentials to be passed to WCF services; however, it seems like I cannot get the Windows credentials passed to the services. My WCF user service seems to be using Anonymous authentication (which must be enabled in IIS in order to display the FBA login screen).

An example that I tried to execute is at http://msdn.microsoft.com/en-us/library/ff521581.aspx.

The WCF service is deployed to _vti_bin (ISAPI folder).

Here is the code for the .svc file

    <%@ ServiceHost Language="C#" Debug="true"
        Service="MyCompany.CustomerPortal.SharePoint.UI.ISAPI.MyCompany.Services.LibraryManagers.LibraryUploader, $SharePoint.Project.AssemblyFullName$"
        Factory="Microsoft.SharePoint.Client.Services.MultipleBaseAddressBasicHttpBindingServiceHostFactory, Microsoft.SharePoint.Client.ServerRuntime, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
        CodeBehind="LibraryUploader.svc.cs" %>

Here is the code for the .svc file

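    using System.Security.Principal;
    using System.ServiceModel;
    using System.ServiceModel.Activation;
    using Microsoft.IdentityModel.Claims;
    using Microsoft.SharePoint;
    using Microsoft.SharePoint.Client.Services;

    [ServiceContract]
    public interface ILibraryUploader
    {
        [OperationContract]
        string SiteName();
    }

    [BasicHttpBindingServiceMetadataExchangeEndpoint]
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
    public class LibraryUploader : ILibraryUploader
    {
        //just try to return site title right now…
        public string SiteName()
        {
            // Identity WCF associates with the caller (not yet used in the result)
            WindowsIdentity identity = ServiceSecurityContext.Current.WindowsIdentity;
            ClaimsIdentity claimsIdentity = new ClaimsIdentity(identity);
            return SPContext.Current.Web.Title;
        }
    }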

The WCF validation client I just tested with (WPF application) uses the following code to call the WCF service ...

    private void Button1Click(object sender, RoutedEventArgs e)
    {
        BasicHttpBinding binding = new BasicHttpBinding();
        binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;

        EndpointAddress endpoint = new EndpointAddress(
            "http://dev.portal.data-image.local/_vti_bin/MyCompany.Services/LibraryManagers/LibraryUploader.svc");

        LibraryUploaderClient libraryUploader = new LibraryUploaderClient(binding, endpoint);
        libraryUploader.ClientCredentials.Windows.AllowedImpersonationLevel =
            System.Security.Principal.TokenImpersonationLevel.Impersonation;

        MessageBox.Show(libraryUploader.SiteName());
    }

I'm a little inexperienced with IIS security settings when it comes to claims and trying to use both Windows and FBA. I am also inexperienced when it comes to WCF security configurations. I usually develop internal business applications and let Visual Studio decide what to use because security is rarely a concern.

+6
forms-authentication windows-authentication sharepoint-2010 wcf-security
1 answer

I think I understood the answer. The key is to create the web.config file and deploy it to the same folder as the .svc file. The web.config file must specify the binding to use "wsHttpBinding" instead of "basicHttpBinding". I also removed the Factory attribute in the .svc declaration and the BasicHttpBindingServiceMetadataExchangeEndpoint attribute in the class.

0
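A sketch of the web.config this answer describes, as an added example that is not the answerer's actual file. The binding name `LibraryUploaderWs` is hypothetical, the contract name assumes `ILibraryUploader` lives in the same namespace as the service class, and the security settings are an assumption: they are WCF's wsHttpBinding defaults, written out explicitly.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: deploy beside LibraryUploader.svc under _vti_bin. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!-- Hypothetical binding name. -->
        <binding name="LibraryUploaderWs">
          <!--
            Message security carries the caller's Windows credentials inside
            the SOAP exchange, so authentication does not rely on the IIS
            transport, which must stay Anonymous for the FBA login page.
            The question's basicHttpBinding with TransportCredentialOnly
            depends on IIS performing Windows authentication instead.
          -->
          <security mode="Message">
            <message clientCredentialType="Windows"
                     negotiateServiceCredential="true"
                     establishSecurityContext="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <!-- Service name taken from the Service attribute of the .svc file. -->
      <service name="MyCompany.CustomerPortal.SharePoint.UI.ISAPI.MyCompany.Services.LibraryManagers.LibraryUploader">
        <!-- Contract namespace is assumed to match the service class. -->
        <endpoint address=""
                  binding="wsHttpBinding"
                  bindingConfiguration="LibraryUploaderWs"
                  contract="MyCompany.CustomerPortal.SharePoint.UI.ISAPI.MyCompany.Services.LibraryManagers.ILibraryUploader" />
      </service>
    </services>
  </system.serviceModel>
</configuration>
```

The client must use a matching `WSHttpBinding` rather than the `BasicHttpBinding` shown in the question. On the service side, checking `ServiceSecurityContext.Current.IsAnonymous` before trusting `WindowsIdentity` confirms that a caller was actually authenticated.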