Enabling windows authentication on a REST enabled service is relatively easier task than it’s appear. To test that windows authentication is enabled successfully or not use other browser than Internet explorer because IE will automatically do an NTLM negotiation with domain credentials. So when REST service is running in IE, it is not prompting for user credentials.

Service

 A very simple contract as REST service, I am going to use.
Contract

namespace RestserviceWindows{

[ServiceContract]

public interface IService1{
[OperationContract]
[WebGet()]
string GetData();
}}

 Service implementation

namespace RestserviceWindows{

public classService1 : IService1
{
public string GetData(){
return “Testing Windows Authentication with REST service”;
}}}

Configuring the Service

Method #1 Using Factory class

  1. Create a simple REST service. To create a REST service navigates to File->New->Project->Web and select WCF Service Application project template.
  2. WCF will create default endpoints inside System.ServiceModel. Delete both the default endpoints. Delete below end points.
<endpoint address=“” binding=wsHttpBindingcontract=RestserviceWindows.IService1>

<identity>
<dns value=localhost/>
</identity>
</endpoint>
<endpoint address=mexbinding=mexHttpBindingcontract=IMetadataExchange/>

 

  1. Right click on .SVC file. If your service name is Service1 then right click on Service1.svc. After right clicking select View Markup. Add Factory here
<%@
ServiceHost
Language=”C#”
Debug=”true”
Service=”RestserviceWindows.Service1″
CodeBehind=”Service1.svc.cs”
Factory=”System.ServiceModel.Activation.WebServiceHostFactory
%>

 

  1. Host the service in IIS. To host right click on service and Publish in IIS.
  2. Configure IIS for windows authentication.

The above 5 steps are required to host a REST service in IIS with windows authentication.

Method #2 Configuring End Point without Meta Data

  1. Create a simple REST service. To create a REST service navigates to File->New->Project->Web and select WCF Service Application project template.
  2. Delete endpoint address for MEX and binding mexHttpBinding
  3. Configure EndPoint to enable REST service.
  4. Configure EndPoint to enable windows authentication on the service.
  5. Configure End Point behavior.
  6. Make sure, there is no factory class provided for the service in markup of .svc

     

<%@
ServiceHost
Language=”C#”
Debug=”true”
Service=”RestserviceWindows.Service1″
CodeBehind=”Service1.svc.cs” %>

 

  1. Host the service in IIS. To host right click on service and Publish in IIS.
  2. Configure IIS for windows authentication.
<system.serviceModel>

<services>

<service
name=RestserviceWindows.Service1
behaviorConfiguration=RestserviceWindows.Service1Behavior>            

<endpoint
address=“”
binding=webHttpBinding
contract=RestserviceWindows.IService1
bindingConfiguration =RESTBINDING
behaviorConfiguration =REST>

<identity>

<dns
value=localhost/>

</identity>

</endpoint>

</service>

</services>

<behaviors>

<serviceBehaviors>

<behavior
name=RestserviceWindows.Service1Behavior>                    

<serviceMetadata
httpGetEnabled=true/>                    

<serviceDebug
includeExceptionDetailInFaults=false/>

</behavior>

</serviceBehaviors>


<
endpointBehaviors>

<behavior
name =REST>

<webHttp/>

</behavior>

</endpointBehaviors>

</behaviors>


<
bindings>

<webHttpBinding>

<binding
name =RESTBINDING>

<security
mode =TransportCredentialOnly>

<transport
clientCredentialType =Windows/>

</security>

</binding>


</
webHttpBinding>

</bindings>

    </system.serviceModel>

 

Method # 3 Configuring End Point with Meta Data

So far in above two methods, Meta Data is not getting exposed. Because mexHttpBinding only supports anonymous binding. So to enable windows authentication on mexHttpBinding , we need to configure IMetaDataContract with some other binding like basicHttpBinding or webHttpBinding.

  1. Create a simple REST service. To create a REST service navigates to File->New->Project->Web and select WCF Service Application project template.
  2. Configure EndPoint to enable REST service.
  3. Configure EndPoint to enable windows authentication on the service.
  4. Configure End Point behavior for both End Points.
  5. Make sure, there is no factory class provided for the service in markup of .svc
<%@
ServiceHost
Language=”C#”
Debug=”true”
Service=”RestserviceWindows.Service1″
CodeBehind=”Service1.svc.cs” %>

 

  1. Host the service in IIS. To host right click on service and Publish in IIS.
  2. Configure IIS for windows authentication.
<system.serviceModel>

        <services>

            <service
name=RestserviceWindows.Service1
behaviorConfiguration=RestserviceWindows.Service1Behavior>                

                <endpoint
address=“”
binding=webHttpBinding
contract=RestserviceWindows.IService1
bindingConfiguration =RESTBINDING
behaviorConfiguration =REST>

                <identity>

<dns
value=localhost/>

</identity>

</endpoint>

                <endpoint
address=mex
binding=webHttpBinding
contract=IMetadataExchange
bindingConfiguration =RESTBINDING/>

            </service>

        </services>

        <behaviors>

            <serviceBehaviors>

                <behavior
name=RestserviceWindows.Service1Behavior>                    

                    <serviceMetadata
httpGetEnabled=true/>                    

                    <serviceDebug
includeExceptionDetailInFaults=false/>

                </behavior>

            </serviceBehaviors>


<
endpointBehaviors>

<behavior
name =REST>

<webHttp/>

</behavior>

</endpointBehaviors>

        </behaviors>

<bindings>

<webHttpBinding>

<binding
name =RESTBINDING>

<security
mode =TransportCredentialOnly>

<transport
clientCredentialType =Windows/>

</security>

</binding>

</webHttpBinding>

</bindings>

    </system.serviceModel>

 

Note: Binding for IMetaDataExchange contract is webHttpBinding.

Consuming the Service

To enable a client to consume a windows authenticated WCF service, client has to pass domain credentials . If HttpClient is used by the client to consume the service then client has to set the credential like

clt.TransportSettings.Credentials=System.Net.CredentialCache.DefaultCredentials;

where clt is instance of HttpClient .

  1. Add Microsoft.Http and System.RunTime.Serlization assembly at refernece
  2. Add namespace of Microsoft.Http and System.Runtime.Serlization
  3. Create insatnce of HttpClint
  4. Set the default credential from the cache.
  5. Perfrom HTTP operation.

 

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using Microsoft.Http;

using System.Runtime.Serialization;

using System.Net;

namespace ConsoleApplication1

{

class Program

{
static void Main(string[] args)
{
string url = http://localhost/RESTTESTING/Service1.svc/GetData;

HttpClient clt = new HttpClient();

clt.TransportSettings.Credentials = System.Net.CredentialCache.DefaultCredentials;
HttpResponseMessage msg = clt.Get(url);

string str = msg.Content.ReadAsDataContract<string>();

Console.WriteLine(str);

Console.Read();
}}}

Advertisements

One thought on “WINDOWS authentication on REST enabled WCF service

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s