Export (0) Print
Expand All

Transport Security with Windows Authentication

The following scenario shows a Windows Communication Foundation (WCF) client and service secured by Windows security. For more information about programming, see How to: Secure a Service with Windows Credentials.

An intranet Web service displays human resources information. The client is a Windows Form application. The application is deployed in a domain with a Kerberos controller securing the domain.

Transport security with Windows authentication

Characteristic

Description

Security Mode

Transport

Interoperability

WCF only

Authentication (Server)

Authentication (Client)

Yes (using Windows integrated authentication)

Yes (using Windows integrated authentication)

Integrity

Yes

Confidentiality

Yes

Transport

NET.TCP

Binding

NetTcpBinding

The following code and configuration are meant to run independently. Do one of the following:

  • Create a stand-alone service using the code with no configuration.

  • Create a service using the supplied configuration, but do not define any endpoints.

ms733089.collapse_all(en-us,VS.110).gifCode

The following code shows how to create a service endpoint that uses a Windows security.


// Create the binding.
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport.ClientCredentialType =
    TcpClientCredentialType.Windows;

// Create the URI for the endpoint.
Uri netTcpUri = new Uri("net.tcp://localhost:8008/Calculator");

// Create the service host and add an endpoint.
ServiceHost myServiceHost = new ServiceHost(typeof(Calculator), netTcpUri);
myServiceHost.AddServiceEndpoint(typeof(ServiceModel.ICalculator), binding, "");

// Open the service.
myServiceHost.Open();
Console.WriteLine("Listening...");
Console.ReadLine();

// Close the service.
myServiceHost.Close();


ms733089.collapse_all(en-us,VS.110).gifConfiguration

The following configuration can be used instead of the code to set up the service endpoint:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <behaviors />
    <services>
      <service behaviorConfiguration="" name="ServiceModel.Calculator">
        <endpoint address="net.tcp://localhost:8008/Calculator" 
                  binding="netTcpBinding"
          bindingConfiguration="WindowsClientOverTcp" 
                  name="WindowsClientOverTcp"
                  contract="ServiceModel.ICalculator" />
      </service>
    </services>
    <bindings>
      <netTcpBinding>
        <binding name="WindowsClientOverTcp">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <client />
  </system.serviceModel>
</configuration>

The following code and configuration are meant to run independently. Do one of the following:

  • Create a stand-alone client using the code (and client code).

  • Create a client that does not define any endpoint addresses. Instead, use the client constructor that takes the configuration name as an argument. For example:

    
    CalculatorClient cc = new CalculatorClient("EndpointConfigurationName");
    
    
    

ms733089.collapse_all(en-us,VS.110).gifCode

The following code creates the client. The binding is configured to use the Transport mode security, with the TCP transport, with the client credential type set to Windows.


// Create the binding.
NetTcpBinding myBinding = new NetTcpBinding();
myBinding.Security.Mode = SecurityMode.Transport;
myBinding.Security.Transport.ClientCredentialType =
    TcpClientCredentialType.Windows;

// Create the endpoint address.
EndpointAddress myEndpointAddress = new
    EndpointAddress("net.tcp://localhost:8008/Calculator");

// Create the client. The code for the calculator client 
// is not shown here. See the sample applications
// for examples of the calculator code.	
CalculatorClient cc =
    new CalculatorClient(myBinding, myEndpointAddress);
try
{
    cc.Open();

    // Begin using the client.
    Console.WriteLine(cc.Add(100, 11));
    Console.ReadLine();

    // Close the client.
    cc.Close();
}


ms733089.collapse_all(en-us,VS.110).gifConfiguration

The following configuration can be used instead of the code to create the client.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding name="NetTcpBinding_ICalculator" >
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <client>
      <endpoint address="net.tcp://localhost:8008/Calculator" 
                binding="netTcpBinding"          
                bindingConfiguration="NetTcpBinding_ICalculator" 
                contract="ICalculator"
                name="NetTcpBinding_ICalculator">
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
Show:
© 2014 Microsoft