I'm trying to set up a Client/Server scenario as follows:
Client:
- WPF
- .NET Framework 4.7.2
Server:
- ASP.NET
- .NET Framework 4.7.2
- WCF
- IIS Hosted
- Windows Authentication
- HTTPS only (port 80 not mapped)
The WCF service connects to MSSQL using Windows Authentication, and the Application pool uses a Domain service account (for debugging it uses my Windows Account).
What I'm trying to accomplish is:
- WPF clients authenticate using Windows Authentication
- Only a select set of users are allowed to connect to the IIS WCF Service
- HTTP traffic only runs through HTTPS transport.
My main problem is configuring IIS and Web.config (bindings) in such a way that everything just works, where preferably the WCF client doesn't need to declare bindings and endpoints in code (var client = new wcfclient() .. and that's it).
IIS Config:
- Certificate: a self-signed SSL cert (in production it's a real one)
- Authentication: Windows Auth enabled, the rest is disabled (do I need to worry about Negotiate vs NTLM?)
- Binding: HTTPS
.NET Authorization Rules:
- Deny: Anonymous Users (local)
- Allow: (comma-separated list of domain users) (local)
- Deny: All Users (local)
- Allow: All Users (inherited)
System.Web
- Authentication Model="Windows"
System.ServiceModel
<system.serviceModel>
  <services>
    <service name="Modelkatalog.Service.CatalogService">
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="secureHttpBindingConfiguration"
                contract="Modelkatalog.Service.ICatalogService"/>
      <endpoint address="mex"
                binding="mexHttpsBinding"
                contract="IMetadataExchange" />
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="secureHttpBindingConfiguration">
        <security mode="Transport">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior>
        <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
        <serviceMetadata httpsGetEnabled="true"/>
        <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
        <serviceDebug includeExceptionDetailInFaults="false"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Client Config:
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_ICatalogService">
        <security mode="Transport" />
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="https://modelkatalog.local/CatalogService.svc"
              binding="wsHttpBinding"
              bindingConfiguration="WSHttpBinding_ICatalogService"
              contract="CatalogService.ICatalogService"
              name="WSHttpBinding_ICatalogService">
      <identity>
        <!-- THIS DOESN'T LOOK RIGHT -->
        <userPrincipalName value="[email protected]" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
wsHttpBinding vs basicHttpBinding: I've been reading about each and have tried both; both of them end up with some kind of HTTP negotiation error or some error with HTTP vs HTTPS address mapping.
Currently I'm getting this: "The authentication header received from the server was 'Negotiate,NTLM'"
How do I make this happen?
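As an added illustration (not the asker's code), here is a service implementation for the setup above that enforces the "select set of users" goal at the service level, behind the IIS authorization rules, and reports which scheme Negotiate actually settled on for a call. The operation name `WhoAmI`, the group `DOMAIN\CatalogUsers` and the user names are placeholders; the `[PrincipalPermission]` demand assumes `<serviceAuthorization principalPermissionMode="UseWindowsGroups" />` in the service behavior.

```csharp
// Added example, not from the question. Contract operation, group and user names are assumptions.
using System;
using System.Linq;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;

namespace Modelkatalog.Service
{
    [ServiceContract]
    public interface ICatalogService
    {
        // Hypothetical operation; the real contract is not shown in the question.
        [OperationContract]
        string WhoAmI();
    }

    public class CatalogService : ICatalogService
    {
        // Second line of defence behind the IIS .NET Authorization Rules: an explicit allow-list
        // checked against the Windows identity that transport security delivered.
        // Constructed sample values; replace with the real accounts.
        private static readonly string[] AllowedUsers = { @"DOMAIN\alice", @"DOMAIN\bob" };

        // Group-based check; needs principalPermissionMode="UseWindowsGroups" in the service behavior.
        // "DOMAIN\CatalogUsers" is a placeholder group name.
        [PrincipalPermission(SecurityAction.Demand, Role = @"DOMAIN\CatalogUsers")]
        public string WhoAmI()
        {
            WindowsIdentity caller = ServiceSecurityContext.Current?.WindowsIdentity;

            // With clientCredentialType="Windows" an anonymous caller should never get here;
            // fail closed anyway rather than trusting the IIS configuration alone.
            if (caller == null || caller.IsAnonymous)
                throw new FaultException("Windows authentication is required.");

            if (!AllowedUsers.Contains(caller.Name, StringComparer.OrdinalIgnoreCase))
                throw new FaultException("Caller is not permitted to use this service.");

            // AuthenticationType reports "Kerberos" or "NTLM", which is the quickest way to see
            // whether Negotiate ended up using Kerberos or fell back to NTLM for this call.
            return caller.Name + " via " + caller.AuthenticationType;
        }
    }
}
```

Calling `WhoAmI` from the WPF client with the endpoint configuration shown above is enough to see, per request, the authenticated account and whether Kerberos or NTLM was used.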