Home Library Learn Downloads Support Community
Sign in | United States - English | |
1 out of 2 rated this helpful - Rate this topic

Transport Security with Windows Authentication

.NET Framework 4

The following scenario shows a Windows Communication Foundation (WCF) client and service secured by Windows security. For more information about programming, see How to: Secure a Service with Windows Credentials.

An intranet Web service displays human resources information. The client is a Windows Form application. The application is deployed in a domain with a Kerberos controller securing the domain.

Transport security with Windows authentication

Characteristic Description

Security Mode

Transport

Interoperability

WCF only

Authentication (Server)

Authentication (Client)

Yes (using Windows integrated authentication)

Yes (using Windows integrated authentication)

Integrity

Yes

Confidentiality

Yes

Transport

NET.TCP

Binding

NetTcpBinding

Service

The following code and configuration are meant to run independently. Do one of the following:

  • Create a stand-alone service using the code with no configuration.

  • Create a service using the supplied configuration, but do not define any endpoints.

Code

The following code shows how to create a service endpoint that uses a Windows security.

C#
VB
Copy 
// Create the binding.
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport.ClientCredentialType =
    TcpClientCredentialType.Windows;

// Create the URI for the endpoint.
Uri netTcpUri = new Uri("net.tcp://localhost:8008/Calculator");

// Create the service host and add an endpoint.
ServiceHost myServiceHost = new ServiceHost(typeof(Calculator), netTcpUri);
myServiceHost.AddServiceEndpoint(typeof(ServiceModel.ICalculator), binding, "");

// Open the service.
myServiceHost.Open();
Console.WriteLine("Listening...");
Console.ReadLine();

// Close the service.
myServiceHost.Close();

Configuration

The following configuration can be used instead of the code to set up the service endpoint:

Copy 
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <behaviors />
    <services>
      <service behaviorConfiguration="" name="ServiceModel.Calculator">
        <endpoint address="net.tcp://localhost:8008/Calculator" 
                  binding="netTcpBinding"
          bindingConfiguration="WindowsClientOverTcp" 
                  name="WindowsClientOverTcp"
                  contract="ServiceModel.ICalculator" />
      </service>
    </services>
    <bindings>
      <netTcpBinding>
        <binding name="WindowsClientOverTcp">
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <client />
  </system.serviceModel>
</configuration>

Client

The following code and configuration are meant to run independently. Do one of the following:

  • Create a stand-alone client using the code (and client code).

  • Create a client that does not define any endpoint addresses. Instead, use the client constructor that takes the configuration name as an argument. For example:

    C#
    VB
    Copy 
    CalculatorClient cc = new CalculatorClient("EndpointConfigurationName");

Code

The following code creates the client. The binding is configured to use the Transport mode security, with the TCP transport, with the client credential type set to Windows.

C#
VB
Copy 
// Create the binding.
NetTcpBinding myBinding = new NetTcpBinding();
myBinding.Security.Mode = SecurityMode.Transport;
myBinding.Security.Transport.ClientCredentialType =
    TcpClientCredentialType.Windows;

// Create the endpoint address.
EndpointAddress myEndpointAddress = new
    EndpointAddress("net.tcp://localhost:8008/Calculator");

// Create the client. The code for the calculator client 
// is not shown here. See the sample applications
// for examples of the calculator code.    
CalculatorClient cc =
    new CalculatorClient(myBinding, myEndpointAddress);
try
{
    cc.Open();

    // Begin using the client.
    Console.WriteLine(cc.Add(100, 11));
    Console.ReadLine();

    // Close the client.
    cc.Close();
}

Configuration

The following configuration can be used instead of the code to create the client.

Copy 
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <netTcpBinding>
        <binding name="NetTcpBinding_ICalculator" >
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <client>
      <endpoint address="net.tcp://localhost:8008/Calculator" 
                binding="netTcpBinding"          
                bindingConfiguration="NetTcpBinding_ICalculator" 
                contract="ICalculator"
                name="NetTcpBinding_ICalculator">
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>

See Also

Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ