.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
 
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
david stephan

Home >> Articles >> WCF >> Post New Resource Bookmark and Share   

 Subscribe to Articles

NTLM Authentication in WCF

Posted By:Dhananjay Kumar       Posted Date: December 18, 2009    Points: 25    Category: WCF    URL: http://www.dotnetspark.com  
 

NTLM Authentication in WCF

Objective

This document will explain various combinations of IIS and WCF NTLM/Windows authentication settings.

What is difference between NTLM and WINDOWS authentication in WCF?

Windows authentication = authentication in NTLM + authentication in Active Directory
NTLM authentication = authentication in only NTLM

IIS configuration

For all scenario IIS is configured for Windows authentication. What I mean is Windows Authentication is enabled and all other authentication is disabled.
Navigate to below path to open ApplicationHost.Config file of IIS.

C:\Windows\System32\inetsrv\config\applicationHost.config

Binding used in WCF service

For all scenario basicHttpBinding being used for WCF service.

Scenario #1

Default setting for IIS Applicationhost.Config is

<windowsAuthentication enabled="false">
  <providers>
  <add value="Negotiate" />
  <add value="NTLM" />
  providers>
  windowsAuthentication>


If IIS APP.Config file is having default setting, then we can have any authentication for WCF service corresponding IIS configured; WCF service will run as expected without any error.

 Note: SharePoint is running as expected

Browsers Behavior with default settings

1.  IE 7.0 is  not asking for authentication

2.  Fire Fox 3.5.6 is asking user to authenticate



3.  Safari  4.0.4 is asking user to authenticate



Scenario #2

If   IIS Applicationhost.Config File setting has been modified as below, where forcefully Windows authentication is enabled for Kerberos then we have to modify service with Windows authentication.

<windowsAuthentication enabled="true">
  <providers>
  <add value="Negotiate" />
 
  providers>
  windowsAuthentication>

WCF configuration setting for Windows authentication should be

<basicHttpBinding>
  <binding name="BasicHttpBinding">
  <security mode ="TransportCredentialOnly">
  <transport clientCredentialType ="Windows"/>
  security>
  binding>
  basicHttpBinding>

 Note: SharePoint is running as expected

Browsers Behavior with default settings

1.  IE 7.0 is  not asking for authentication

2.  Fire Fox 3.5.6 is asking user to authenticate



3.  Safari  4.0.4 is asking user to authenticate


Scenario #3

If IIS Applicationhost.Config File setting has been modified as below, where forcefully Windows authentication is enabled for NTLM
<windowsAuthentication enabled="true">
  <providers>
 
  <add value="NTLM" />
  providers>
 windowsAuthentication>

And we go with Windows authentication for the service, we will get below error

<basicHttpBinding>
  <binding name="BasicHttpBinding">
  <security mode ="TransportCredentialOnly">
  <transport clientCredentialType ="Windows"/>
  security>
  binding>
  basicHttpBinding>
 


So to remove above error, WCF configuration setting for should be modified for the NTLM authentication.

<basicHttpBinding>
  <binding name="BasicHttpBinding">
  <security mode ="TransportCredentialOnly">
  <transport clientCredentialType ="Ntlm"/>
  security>
  binding>
  basicHttpBinding>


 Note: SharePoint is running as expected


Browsers Behavior with default settings

4.  IE 7.0 is  not asking for authentication

5.  Fire Fox 3.5.6 is asking user to authenticate



6.  Safari  4.0.4 is asking user to authenticate



Summary

Sl No IIS (Applicationhost.Config ) setting WCF (Web.config) setting
1 Default Ntlm and Windows Binding behavior
2 Windowauthentication = true and Value = Negotiate Windows authenticated Bidding behavior
3 Windowauthentication = true and Value = Ntlm Ntlm  authenticated Binding behavior

So,
1.   If we have ApplicationHost.Config of IIS configured as default, we can have either of Ntlm or Windows authentications for WCF service.

2.  If we have ApplicationHost.Config of IIS configured as Ntlm, we can have only Ntlm authentication for WCF service.

3.  If we have ApplicationHost.Config of IIS configured as Windows, we can have only Windows authentication for WCF service.

 Subscribe to Articles

     

Further Readings:

Responses

No response found. Be the first to respond this post

Post Comment

You must Sign In To post reply
Find More Articles on C#, ASP.Net, Vb.Net, SQL Server and more Here

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend