I have a remote WCF service, hosted on IIS. Then I have an ASP.NET MVC website hosted on Azure Websites.
The website uses Azure Active Directory to authenticate the user and it works fine. However, the WCF service requires correct Windows (domain-based) credentials in order to return results.
When I instantiate the service within my ASP.NET MVC app, I am using:
    // Client proxy generated from the service reference; "SOAP" is the binding configuration name in Web.config
    SomeService.ServiceClient client = new SomeService.ServiceClient("SOAP");
    // Allow the service to impersonate the caller's Windows identity
    client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
This is backed by the Web.config file:
    <basicHttpBinding>
      <binding name="SOAP" allowCookies="true" maxReceivedMessageSize="20000000"
               maxBufferSize="20000000"
               maxBufferPoolSize="20000000">
        <readerQuotas maxDepth="32"
                      maxArrayLength="200000000"
                      maxStringContentLength="200000000"/>
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
          <message clientCredentialType="UserName" algorithmSuite="Default" />
        </security>
      </binding>
    </basicHttpBinding>
When I run this locally, it works fine - I am picking up the credentials from the local AppPool and those are valid to access the WCF service. However, once I deploy the website to Azure, the above breaks because obviously the service is not aware of the credentials that I have locally.
Question:
Is there a way for me to pass Windows credentials to the WCF service through the browser without breaking the AAD auth stack, since I only need those for the WCF connection and nothing else? I am perfectly fine with showing a system prompt for credentials.
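An added example (not part of the question or the asker's project) showing how the same "SOAP" binding can be built in code with an explicit domain credential supplied at runtime instead of the app pool identity. It assumes a hypothetical contract `ISomeService` and reads the credential from environment variables with assumed names; it also switches the binding from `TransportCredentialOnly` to `Transport` (HTTPS) so that the Windows credential exchange between Azure and the IIS host is not negotiated over plain HTTP.

```csharp
using System;
using System.Net;
using System.ServiceModel;
using System.Security.Principal;

// Hypothetical service contract; the real one is generated from the WCF service reference.
[ServiceContract]
public interface ISomeService
{
    [OperationContract]
    string Ping();
}

public static class SomeServiceClientFactory
{
    // Equivalent of the "SOAP" basicHttpBinding from Web.config, but with Transport
    // security (HTTPS) so the Windows credential handshake does not travel over plain HTTP.
    public static BasicHttpBinding CreateBinding()
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport)
        {
            AllowCookies = true,
            MaxReceivedMessageSize = 20000000,
            MaxBufferSize = 20000000,
            MaxBufferPoolSize = 20000000
        };
        binding.ReaderQuotas.MaxDepth = 32;
        binding.ReaderQuotas.MaxArrayLength = 200000000;
        binding.ReaderQuotas.MaxStringContentLength = 200000000;
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
        return binding;
    }

    // Channel that authenticates with an explicit domain credential rather than the hosting
    // process identity. Environment variable names are assumptions; nothing is hardcoded.
    public static ISomeService CreateChannel(string serviceUrl)
    {
        string user = Environment.GetEnvironmentVariable("WCF_DOMAIN_USER");
        string password = Environment.GetEnvironmentVariable("WCF_DOMAIN_PASSWORD");
        string domain = Environment.GetEnvironmentVariable("WCF_DOMAIN");
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password))
            throw new InvalidOperationException("WCF service credentials are not configured.");
        var factory = new ChannelFactory<ISomeService>(CreateBinding(), new EndpointAddress(serviceUrl));
        factory.Credentials.Windows.ClientCredential = new NetworkCredential(user, password, domain);
        factory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
        return factory.CreateChannel();
    }
}
```

The credential values would be set as Azure Websites app settings (exposed to the process as environment variables) rather than committed to Web.config, and the service endpoint must be reachable over HTTPS for the `Transport` mode to work.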