Message Security Windows

This sample demonstrates how to configure a WSHttpBinding binding to use message-level security with Windows authentication. This sample is based on the Getting Started sample. In this sample, the service is hosted in Internet Information Services (IIS) and the client is a console application (.exe).

Note

The setup procedure and build instructions for this sample are located at the end of this topic.

The default security for the <wsHttpBinding> element is message security using Windows authentication. The configuration files in this sample explicitly set the mode attribute of the <security> element to Message and the clientCredentialType attribute of the <message> element to Windows. These are the default values for this binding, but they are configured explicitly, as shown in the following sample configuration, to demonstrate their use.

<bindings>
    <wsHttpBinding>
        <binding>
            <security mode="Message">
                <message clientCredentialType="Windows"/>
            </security>
        </binding>
    </wsHttpBinding>
</bindings>

The client endpoint configuration consists of an absolute address for the service endpoint, the binding, and the contract. The client binding is configured with the appropriate security mode and authentication mode, which are set through the mode and clientCredentialType attributes.

<system.serviceModel>
  <client>
    <endpoint address="http://localhost/servicemodelsamples/service.svc"
            binding="wsHttpBinding"
            bindingConfiguration="Binding1"
            contract="Microsoft.ServiceModel.Samples.ICalculator" />
  </client>

  <bindings>
    <wsHttpBinding>
      <!-- The default security for the WSHttpBinding is -->
      <!-- Message security using Windows authentication. -->
      <!-- This configuration explicitly defines the security mode -->
      <!-- as Message and the clientCredentialType as Windows -->
      <!-- for demonstration purposes. -->
      <binding name="Binding1">
        <security mode="Message">
          <message clientCredentialType="Windows"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
</system.serviceModel>

The service source code has been modified to demonstrate how the ServiceSecurityContext can be used to access the identity of the caller.

public string GetCallerIdentity()
{
    // The Windows identity of the caller can be accessed on the ServiceSecurityContext.WindowsIdentity.
    return OperationContext.Current.ServiceSecurityContext.WindowsIdentity.Name;
}
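
The identity lookup above can be turned into an access check before an operation does any work. The following is an added example, not code from the sample: the CallerGuard class, its method names, and the group name are hypothetical, and the group is a constructed placeholder.

```csharp
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Security;

namespace Microsoft.ServiceModel.Samples
{
    // Hypothetical helper added for illustration; not part of the sample's source.
    public static class CallerGuard
    {
        // Constructed placeholder; substitute a group that exists in your domain.
        public const string AllowedGroup = @"EXAMPLE\CalculatorUsers";

        // Returns the caller's Windows identity, or rejects the call when the
        // message carried no authenticated Windows credential.
        public static WindowsIdentity RequireWindowsCaller()
        {
            // Current is null when the message has no security context, so
            // OperationContext.Current.ServiceSecurityContext should not be
            // dereferenced without a check.
            ServiceSecurityContext context = ServiceSecurityContext.Current;
            if (context == null || context.IsAnonymous)
                throw new SecurityAccessDeniedException("Caller is not authenticated.");

            // WindowsIdentity may be an anonymous identity when the caller did
            // not present a Windows credential, so test it explicitly.
            WindowsIdentity identity = context.WindowsIdentity;
            if (identity == null || identity.IsAnonymous || !identity.IsAuthenticated)
                throw new SecurityAccessDeniedException("Caller has no Windows identity.");

            return identity;
        }

        // Rejects the call unless the caller belongs to the given Windows group.
        public static WindowsIdentity RequireGroupMember(string group)
        {
            WindowsIdentity identity = RequireWindowsCaller();
            if (!new WindowsPrincipal(identity).IsInRole(group))
                throw new SecurityAccessDeniedException("Caller is not authorized.");
            return identity;
        }
    }
}
```

A service operation such as GetCallerIdentity would call CallerGuard.RequireGroupMember(CallerGuard.AllowedGroup) first and return the Name of the identity it gets back.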

When you run the sample, the operation requests and responses are displayed in the client console window. The first method called, GetCallerIdentity, returns the name of the caller's identity to the client. Press ENTER in the console window to shut down the client.

To set up, build, and run the sample

  1. Ensure that you have performed the One-Time Setup Procedure for the Windows Communication Foundation Samples.

  2. To build the C# or Visual Basic .NET edition of the solution, follow the instructions in Building the Windows Communication Foundation Samples.

  3. To run the sample in a single- or cross-computer configuration, follow the instructions in Running the Windows Communication Foundation Samples.