0
votes

I have read this post: "How can I use WCF with only basichttpbinding, SSL and Basic Authentication in IIS?" It seems to work fine if I set the clientCredentialType to "Basic"; however, when I set the clientCredentialType to "Windows", the Anonymous user can access my services.

Can someone shine some light on this? How can I disable Anonymous users? I have already disabled it in IIS 7.5. What are the differences between Basic Authentication and Windows Authentication?

Update: when I set the clientCredentialType to "Windows" and browse to my service URL https://ServerName/myservice.svc, I am prompted with a login window; however, I can just click OK without typing in a user name and password, and I can still see the service information page. However, if I create a .html page in the virtual directory, then I have to enter a user name and password; otherwise I cannot see the page.

1 Answer

0
votes

Basic authentication takes an arbitrary username and password. Windows authentication sends the credentials of the currently logged-in user (assuming the user is running Windows) and is only really useful when both client and server are on the same domain.

It's also worth noting that, as sending Windows login information across the internet is a potential security issue, Firefox and more recent versions of IE won't send the credentials unless explicitly told to (a config setting for FF, moving the site to the "Trusted" zone for IE).
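
To check from the client side which of the cases discussed above a URL is actually in (anonymous allowed, Basic, or Windows authentication), the response to a request sent without any credentials can be classified by its status code and `WWW-Authenticate` challenges. This is an added example, not code from the original post; the function names and the sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request


def offered_schemes(www_authenticate_values):
    """Return lower-cased scheme names from WWW-Authenticate header values.

    Assumption: one challenge per header line (e.g. "Negotiate", "NTLM",
    'Basic realm="..."'); comma-joined multi-challenge headers are not split.
    """
    schemes = []
    for value in www_authenticate_values:
        parts = value.strip().split(None, 1)
        if parts:
            schemes.append(parts[0].rstrip(",").lower())
    return schemes


def classify(status, www_authenticate_values):
    """Classify the reply to a request that carried no Authorization header."""
    if 200 <= status < 300:
        return "anonymous-allowed"   # content served without credentials
    if status != 401:
        return "inconclusive"        # redirect, 403, 5xx: check manually
    schemes = offered_schemes(www_authenticate_values)
    windows = any(s in ("negotiate", "ntlm") for s in schemes)
    basic = "basic" in schemes
    if windows and basic:
        return "windows+basic"
    return "windows" if windows else "basic" if basic else "inconclusive"


def probe(url, timeout=10):
    """Send one credential-free GET and classify the reply (needs network)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, resp.headers.get_all("WWW-Authenticate") or [])
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers.get_all("WWW-Authenticate") or [])


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "served with no credentials": (200, []),
    "Windows authentication": (401, ["Negotiate", "NTLM"]),
    "Basic authentication": (401, ['Basic realm="ServerName"']),
}

if __name__ == "__main__":
    for label, (status, challenges) in SAMPLES.items():
        print(f"{label}: {classify(status, challenges)}")
```

Running `probe()` against both the `.svc` URL and a static page in the same virtual directory shows whether the two are being served under the same authentication settings.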