 

WCF - How to configure netTcpBinding for NTLM authentication?

I know how to configure basicHttpBinding for NTLM authentication, but can't figure out a way to do the same for netTcpBinding.

Does netTcpBinding support NTLM? If so, how to force WCF service to use NTLM?

BTW, a well-known method using the identity element for some reason didn't work at all. I am looking for something like this - clientCredentialType ="Ntlm" but for TCP. Here is the basicHttp setting:

<basicHttpBinding>
  <binding name="BasicHttpBinding">
    <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Ntlm"/>
    </security>
  </binding>
</basicHttpBinding>
ablei2000 asked Feb 05 '10 05:02


1 Answer

Here is the comprehensive answer that I finally found, tested, and confirmed.

A. My WCF client used to build an Endpoint.Address dynamically as follows:

EndpointAddress myEndpointAddress = new EndpointAddress(stringURL);

But in the case of a secure transport (net.tcp) it has to be initialized as follows:

EndpointAddress myEndpointAddress = new EndpointAddress(new Uri(stringURL), myEndpointIdentity);

Without the EndpointIdentity parameter, the Identity property in the EndpointAddress object is null, and this generates the "...target principal name is incorrect..." error on the server side.

B. Our domain controller supports both Kerberos and Ntlm authentication. After the above is done, generally there are four configuration scenarios on the client side for the net.tcp binding if security is other than "None", and the WCF service runs as a domain account:

  1. No <identity> elements in the client endpoint specified - WCF call fails

  2. <identity> element provided, but with an empty value for dns, userPrincipalName or servicePrincipalName elements - WCF call successful, but uses the Ntlm authentication

  3. <identity> element provided with a value for dns or SPN – WCF call successful; service uses Ntlm to authenticate.

  4. <identity> element provided with the correct value for upn – WCF call successful; service uses Kerberos to authenticate. Incorrect or missing value for upn triggers Ntlm authentication

Thanks.

ablei2000 answered Oct 18 '22 14:10
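A self-hosted check for scenarios 2 and 4 in the answer above, as an added example that is not part of the original post: the service returns the authentication package recorded on the caller's Windows identity, so you can confirm whether a given endpoint identity negotiated Kerberos or fell back to NTLM. The contract name, port and UPN are placeholder assumptions, and it targets .NET Framework WCF (System.ServiceModel).

```csharp
using System;
using System.ServiceModel;

[ServiceContract]
public interface IWhoAmI   // hypothetical contract for this example
{
    [OperationContract]
    string AuthType();
}

public class WhoAmI : IWhoAmI
{
    // Authentication package recorded on the caller's Windows identity.
    public string AuthType() =>
        ServiceSecurityContext.Current.WindowsIdentity.AuthenticationType;
}

public static class Program
{
    // Placeholders (assumptions): local port and the service account's UPN.
    const string Url = "net.tcp://localhost:9000/whoami";
    const string ServiceUpn = "svc-account@example.com";

    static NetTcpBinding SecureBinding()
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        return binding;
    }

    static string Call(EndpointIdentity identity)
    {
        var address = new EndpointAddress(new Uri(Url), identity);
        var factory = new ChannelFactory<IWhoAmI>(SecureBinding(), address);
        try { return factory.CreateChannel().AuthType(); }
        finally { factory.Abort(); }   // demo teardown: drops channel and factory
    }

    public static void Main()
    {
        using (var host = new ServiceHost(typeof(WhoAmI)))
        {
            host.AddServiceEndpoint(typeof(IWhoAmI), SecureBinding(), Url);
            host.Open();
            Console.WriteLine("empty SPN (scenario 2): " + Call(EndpointIdentity.CreateSpnIdentity("")));
            Console.WriteLine("UPN (scenario 4):       " + Call(EndpointIdentity.CreateUpnIdentity(ServiceUpn)));
        }
    }
}
```

Run it under the domain account the UPN names; logging the same `AuthenticationType` value in a production service gives you an audit trail of clients that are still authenticating with NTLM.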