Enable Windows Authentication in WCF (with SSL)

There is a bug (by design?) in .NET Framework 3.5 SP1 related to enabling Windows Authentication in WCF.
If the client configuration file is missing the identity setting for the endpoint (the identity element in the configuration below), the call always fails with the following exception.

System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme ‘Negotiate’.

But if you add the identity setting, everything works. The interesting thing is the value of userPrincipalName can be set to anything!

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
   <system.serviceModel>
      <client>
         <endpoint address="https://enterprises:8020/test"
                   binding="basicHttpBinding"
                   bindingConfiguration="SecureTransport"
                   contract="Contracts.IService"
                   name="client_endpoint">
            <!-- The identity setting; without it the call fails with MessageSecurityException -->
            <identity>
               <userPrincipalName value="dummy@whatever"/>
            </identity>
         </endpoint>
      </client>
      <bindings>
         <basicHttpBinding>
            <binding name="SecureTransport">
               <!-- SSL at the transport level, Windows credentials for the client -->
               <security mode="Transport">
                  <transport clientCredentialType="Windows"/>
               </security>
            </binding>
         </basicHttpBinding>
      </bindings>
   </system.serviceModel>
</configuration>
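
A check for the condition described above, as an added example (not code from the original post): it scans a client configuration for endpoints whose binding uses Windows transport credentials but that have no identity element. The function names and the second endpoint, `no_identity`, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's client config plus a second endpoint
# ("no_identity", hypothetical) that omits the <identity> element.
SAMPLE_CONFIG = """<configuration>
  <system.serviceModel>
    <client>
      <endpoint address="https://enterprises:8020/test" binding="basicHttpBinding"
                bindingConfiguration="SecureTransport" contract="Contracts.IService"
                name="client_endpoint">
        <identity><userPrincipalName value="dummy@whatever"/></identity>
      </endpoint>
      <endpoint address="https://enterprises:8020/test" binding="basicHttpBinding"
                bindingConfiguration="SecureTransport" contract="Contracts.IService"
                name="no_identity"/>
    </client>
    <bindings>
      <basicHttpBinding>
        <binding name="SecureTransport">
          <security mode="Transport"><transport clientCredentialType="Windows"/></security>
        </binding>
      </basicHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>"""


def uses_windows_transport(model, binding_type, config_name):
    """True if the named binding configuration sets clientCredentialType="Windows"."""
    for binding in model.findall(f"bindings/{binding_type}/binding"):
        if binding.get("name") == config_name:
            transport = binding.find("security/transport")
            return transport is not None and transport.get("clientCredentialType") == "Windows"
    return False


def endpoints_missing_identity(config_xml):
    """Names of client endpoints with Windows transport credentials and no <identity>."""
    model = ET.fromstring(config_xml).find("system.serviceModel")
    if model is None:
        return []
    return [ep.get("name") for ep in model.findall("client/endpoint")
            if uses_windows_transport(model, ep.get("binding"), ep.get("bindingConfiguration"))
            and ep.find("identity") is None]


if __name__ == "__main__":
    print(endpoints_missing_identity(SAMPLE_CONFIG))
```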

References
http://merill.net/2009/02/microsoft-net-framework-35-sp1-breaks-microsoft-ccf-customer-care-framework/
https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=364077
