0

I'm currently investigating WCF for implementing a RESTful service that will run through IIS. Currently our software offers the ability to authenticate users against a range of sources:

  1. Our own internal user accounts stored in the database

  2. A specified Windows Active Directory where, if authentication is successful, a lookup is done to find which internal account the Windows one is linked to

  3. Another LDAP server, e.g. Novell

So the way I want this to work is that a client sends an http(s) request with an authentication header (basic for now) over SSL, then the service will use custom authentication to implement the process described above.

For the moment I am self-hosting the service and trying to get the custom authentication example working. It starts up correctly, but all I get when I try to make a request from a browser or a tool where I can attach an authentication header is

"Error 101 (net::ERR_CONNECTION_RESET): The connection was reset."

I have set a breakpoint in the custom authentication class and it is never reached, so I'm guessing it's a problem with the configuration.

My app.config:

<configuration>

...

<system.serviceModel>

    <bindings>
        <webHttpBinding>
            <binding name="secure">
                <security mode="Transport">
                    <transport clientCredentialType="Basic"></transport>
                </security>
            </binding>
        </webHttpBinding>
    </bindings>

  <services>
    <service name="CELCAT.RegisterMarker.RegisterMarker" behaviorConfiguration="myServiceBehavior">
      <endpoint address="https://mymachine:8001/servicename" 
                binding="webHttpBinding"
                bindingConfiguration="secure" 
                contract="myServiceContract" />
    </service>
  </services>

  <behaviors>
    <serviceBehaviors>
      <behavior name="myServiceBehavior">
        <serviceMetadata httpGetEnabled="True"/>
        <serviceDebug includeExceptionDetailInFaults="True"/>
          <serviceAuthorization serviceAuthorizationManagerType="MyServiceAuthorizationManager, authenticatonassembly" />

          <serviceCredentials>
              <userNameAuthentication userNamePasswordValidationMode="Custom"
                                      customUserNamePasswordValidatorType="servicenamespace, serviceassembly" />

              <serviceCertificate findValue="certname"
                                  storeLocation="LocalMachine"
                                  storeName="My"
                                  x509FindType="FindBySubjectName" />
          </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>

</system.serviceModel>
</configuration>

I have read a post that said what I am trying to do is impossible out of the box with WCF, and that to achieve this I will need to write a custom module or request interceptor as described below:

authentication via custom module; http://custombasicauth.codeplex.com/

authentication via request interceptor; http://www.codeproject.com/KB/WCF/BasicAuthWCFRest.aspx

This seems like it should be possible to me, so my questions are:

  1. Is what I'm trying to do possible?
  2. If so, what have I got wrong? Or if not, which workaround is best?
6
  • Could you share a little bit about the IIS configuration? I'm assuming you have SSL setup, and that all methods of authentication are disabled on the website except Anonymous? Commented Aug 2, 2012 at 13:45
  • I haven't tried this configuration in IIS yet. Currently I'm self hosting the service so I can debug the custom authentication class. If I can get this configuration working I guess I would have to allow anonymous authentication and insist on SSL? Commented Aug 2, 2012 at 14:50
  • If your binding is set to force Transport security and you don't have SSL configured, it will refuse the connection. Commented Aug 2, 2012 at 17:22
  • Don't list tag-like words in the question's title. Please rephrase it! Commented Aug 2, 2012 at 19:41
  • Thanks abatishchev, noted. Thanks Andrew, I thought the only things I needed to do to implement SSL when self hosting was configure a service certificate, use https in the address and set httpsGetEnabled to true in the service behaviour, have I missed some steps? Commented Aug 3, 2012 at 9:24

2 Answers

2

OK, after much googling and prompting from Andrew Church (thanks Andrew), I've figured this out.

The problem was that although I had generated a certificate, I hadn't bound it to a port. Steps for generating certificates and binding them can be found at:

http://www.codeproject.com/Articles/24027/SSL-with-Self-hosted-WCF-Service

This, however, asks you to use httpcfg. That tool doesn't exist on Windows Vista or 7 (my OS), so a further Google search revealed this article:

http://msdn.microsoft.com/en-us/library/ms733791.aspx

Which tells me to use netsh, perfect! Well, not quite, because this requires a parameter called appid. I didn't know where I could find this, so a further search led back here:

What appid should I use with netsh.exe?

So I followed all of the steps, commented out the certificate part of my app.config and, hey presto, I hit my breakpoint in the custom config.

Hope this helps anyone else with the same problem.

1
  • 1
    Just a follow up, this ONLY works when self hosting, it will NOT work when hosting in IIS Commented Aug 21, 2012 at 19:28
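
The port binding step described in the answer above, as an added example that is not part of the original post. It assumes port 8001 from the question's endpoint address, the placeholder subject name `certname` from the question's config, the wildcard address 0.0.0.0, and a freshly generated GUID as the appid:

```powershell
# Added example (not from the original post): bind an existing certificate
# to the port used by a self-hosted HTTPS WCF endpoint.
# Run from an elevated PowerShell prompt.

$port    = 8001         # assumption: port taken from the endpoint address in the question
$subject = 'certname'   # assumption: placeholder subject name from the question's config

# Locate the certificate in LocalMachine\My. HTTP.SYS needs the private key,
# and an expired certificate will make clients reject the handshake.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.Subject -like "*CN=$subject*" -and
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No valid certificate with a private key found for subject '$subject' in LocalMachine\My"
}

# appid only records which application owns the binding; any GUID is accepted.
# Generated here for illustration; keep it if you want to identify the binding later.
$appId  = [guid]::NewGuid().ToString('B')   # 'B' format yields {xxxxxxxx-...}
$ipport = "0.0.0.0:$port"

# Arguments are quoted so PowerShell does not parse the braces in the GUID.
# If a binding already exists for this ipport, the add fails; remove the old one
# first with: netsh http delete sslcert ipport=0.0.0.0:8001
& netsh http add sslcert "ipport=$ipport" "certhash=$($cert.Thumbprint)" "appid=$appId"
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
}

# Confirm what HTTP.SYS will present on this port.
& netsh http show sslcert "ipport=$ipport"
```

Reading the thumbprint from the store avoids pasting a hash by hand, and the final `show sslcert` output lets you confirm that the hash bound to the port matches the certificate you intended.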
0

I am not sure whether this will work, but what I've done in the past is use a custom HTTP module. Our API uses access tokens, so we use the module to inspect headers for the presence of a token; if it doesn't exist, we redirect to an Authentication endpoint in the API. The endpoint expects Basic authentication. Hope this helps.

1
  • Hi Andrew, it's not the authorization manager I was testing that works fine. My problem is with the custom AUTHENTICATION class. I did think I could use the authorization to do the authentication as well, but based on what I've seen and what I've read in MSDN, the user information isn't available to me there (I concede I may be wrong about that) Commented Aug 3, 2012 at 9:23
