4
votes

I'm currently trying to use TransportWithMessageCredential and HTTPS on my WCF project. I have set both the client and the server security mode="TransportWithMessageCredential" and the clientCredentialType="Windows".

When I go to get the credentials from CredentialCache.DefaultNetworkCredentials, the username, password and domain are all empty.

Any reason why these would be empty? If they will always be empty, where would I get the credentials to pass?

How would I pass the logged in user credentials to the service without prompting them for a login?

Client binding

<basicHttpBinding>
    <binding name="ClientHttpEndpoint" closeTimeout="00:01:00"
    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:02:00"
    allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
    maxBufferSize="4194304" maxBufferPoolSize="524288" maxReceivedMessageSize="4194304"
    messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
    useDefaultWebProxy="true">
        <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
        </security>
    </binding>
</basicHttpBinding>

Server binding

<basicHttpBinding>
    <binding name="WindowsTransportCredentialBinding" maxBufferSize="524288" maxReceivedMessageSize="524288">
        <readerQuotas maxDepth="128" maxStringContentLength="1048576" />
        <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="Windows" />
        </security>
    </binding>
</basicHttpBinding>

...

<service name="Test.DiagnosticService">
    <endpoint binding="basicHttpBinding" bindingConfiguration="WindowsTransportCredentialBinding" name="ClientDiagnosticEndpoint" contract="Test.IDiagnostic" />
</service>

Code to set the username and password

ChannelFactory<IDiagnostic> test = new ChannelFactory<IDiagnostic>(DIAGNOSTIC_ENDPOINT_NAME);
test.Credentials.UserName.UserName = "TestUser";
test.Credentials.UserName.Password = "User";
return test.CreateChannel();
1
Are you asking how to pass the current user logged into Windows to the service? - Jeremy
Yes. I would like to pass the currently logged in user credentials (Windows) to the service. (I edited the original post) - user851974
Is the service hosted in IIS, or self-hosted? - EdmundYeung99
First, I think your bindings are mismatched. The server is missing the <message> tag. Then, your client binding requires you to provide the user/password in the message header. You cannot access the Windows password without the user actually typing it in; it would have been a major security hole. If you want to send the current Windows credentials, you can try Transport security mode and a clientCredentialType of Windows or Ntlm in <transport>. Your server should then get a user token that can be used to get the user name. - Sergey

1 Answer

0
votes

The ICredentials instance returned by DefaultCredentials cannot be used to view the user name, password, or domain of the current security context.

http://msdn.microsoft.com/en-us/library/system.net.credentialcache.defaultcredentials%28v=vs.90%29.aspx
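
Added example, not part of the original question, comments or answer: a sketch of the approach suggested in the comments (Transport security with a Windows transport credential), showing that the client never reads a password and the service identifies the caller from the negotiated token. The `IWhoAmI` contract, the `WhoAmIService` class and the endpoint URL are hypothetical placeholders.

```csharp
// Added example: hypothetical contract, service and URL; not the asker's code.
using System;
using System.Net;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IWhoAmI            // hypothetical contract
{
    [OperationContract]
    string GetCallerName();
}

public class WhoAmIService : IWhoAmI
{
    public string GetCallerName()
    {
        // The transport hands the service a Windows token, never a password.
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous || ctx.WindowsIdentity == null)
            throw new FaultException("Caller was not authenticated.");
        return ctx.WindowsIdentity.Name;   // DOMAIN\user
    }
}

public static class Client
{
    public static BasicHttpBinding CreateBinding()
    {
        // HTTPS plus Windows authentication at the HTTP layer; no message credential.
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        return binding;
    }

    public static void Main()
    {
        // These print as empty strings: the default credentials are an opaque handle.
        NetworkCredential def = CredentialCache.DefaultNetworkCredentials;
        Console.WriteLine("UserName='{0}' Domain='{1}'", def.UserName, def.Domain);

        var address = new EndpointAddress("https://server.example.test/WhoAmI.svc"); // placeholder URL
        var factory = new ChannelFactory<IWhoAmI>(CreateBinding(), address);
        // Let the service identify the caller but not act as the caller.
        factory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Identification;

        IWhoAmI channel = factory.CreateChannel();
        Console.WriteLine("Service sees: " + channel.GetCallerName());
        ((IClientChannel)channel).Close();
        factory.Close();
    }
}
```

The service endpoint has to use the same security mode and transport credential type as the client binding, and the host must have Windows authentication enabled for the token to reach `ServiceSecurityContext`.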