I have a web service which uses Windows Authentication. Web Service is hosted on IIS. Is it possible to narrow access to that web service only to few specific users? My current web config:
<services>
<service name="LANOS.SplunkSearchService.SplunkSearch">
<endpoint binding="basicHttpBinding" bindingConfiguration="basicHttp"
contract="LANOS.SplunkSearchService.ISplunkSearch" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="basicHttp" allowCookies="true" maxBufferSize="20000000"
maxBufferPoolSize="20000000" maxReceivedMessageSize="20000000">
<readerQuotas maxDepth="32" maxStringContentLength="200000000"
maxArrayLength="200000000" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
By the way, I tried a solution similar to this, which I found over the Internet:
<authentication mode="Windows"/>
<authorization>
<allow roles=".\Developers"/>
<allow users="DOMAIN\ServiceAccount"/>
<deny users="*"/>
</authorization>
It does not work though. :( It let all domain users pass through.
Wrox's Professional WCF 4 describes a way to set up UserName/Password authentication in Ch. 8. To summarize, you need a custom validator:
public class MyCustomUserNamePasswordValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if(userName != "foo" && password != "bar")
{
throw new SecurityTokenValidationException("Invalid user");
}
}
}
After that you need to add modify your userNameAuthentication element in the service configuration to "Custom" and define the validator:
<userNameAuthentication
userNamePasswordValidationMode = "Custom"
customUserNamePasswordValidatorType =
"Common.MyCustomUserNamePasswordValidator, Common" />
I hope this helps.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With