SharePoint 2010 Custom WCF Service - Windows and FBA Authentication
- by e-rock
I have SharePoint 2010 configured for Claims Based Authentication with both Windows and Forms Based Authentication (FBA) for external users. I also need to develop custom WCF Services. The issue is that I want Windows credentials passed into the WCF Service(s); however, I cannot seem to get the Windows credentials passed into the services. My custom WCF service appears to be using Anonymous authentication (which has to be enabled in IIS in order to display the FBA login screen).
The example I have tried to follow is found at http://msdn.microsoft.com/en-us/library/ff521581.aspx.
The WCF service gets deployed to _vti_bin (ISAPI folder).
Here is the code for the .svc file
<%@ ServiceHost Language="C#" Debug="true"
Service="MyCompany.CustomerPortal.SharePoint.UI.ISAPI.MyCompany.Services.LibraryManagers.LibraryUploader, $SharePoint.Project.AssemblyFullName$"
Factory="Microsoft.SharePoint.Client.Services.MultipleBaseAddressBasicHttpBindingServiceHostFactory, Microsoft.SharePoint.Client.ServerRuntime, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
CodeBehind="LibraryUploader.svc.cs" %>
Here is the code behind for the .svc file
[ServiceContract]
public interface ILibraryUploader
{
[OperationContract]
string SiteName(); }
[BasicHttpBindingServiceMetadataExchangeEndpoint]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class LibraryUploader : ILibraryUploader
{
//just try to return site title right now…
public string SiteName()
{
WindowsIdentity identity = ServiceSecurityContext.Current.WindowsIdentity;
ClaimsIdentity claimsIdentity = new ClaimsIdentity(identity);
return SPContext.Current.Web.Title;
}
}
The WCF test client I have just to test it out (WPF app) uses the following code to call the WCF service...
private void Button1Click(object sender, RoutedEventArgs e)
{
BasicHttpBinding binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
EndpointAddress endpoint =
new EndpointAddress(
"http://dev.portal.data-image.local/_vti_bin/MyCompany.Services/LibraryManagers/LibraryUploader.svc");
LibraryUploaderClient libraryUploader = new LibraryUploaderClient(binding, endpoint);
libraryUploader.ClientCredentials.Windows.AllowedImpersonationLevel =
System.Security.Principal.TokenImpersonationLevel.Impersonation;
MessageBox.Show(libraryUploader.SiteName());
}
I am somewhat inexperienced with IIS security settings/configurations when it comes to Claims and trying to use both Windows and FBA. I am also inexperienced when it comes to WCF configurations for security. I usually develop internal biz apps and let Visual Studio decide what to use because security is rarely a concern.