I was recently asked by a coworker, “How do I get the Windows Identity of a user calling my WCF service from Silverlight?” My answer to him was “To the Cloud!” No seriously, I put together a little demo application. I figured I would write a short blog post so that others can partake in the logic.
The first question to ask is: why do I care about the Windows credentials of the user? The simple answer is that I am building an internal Line of Business (LOB) application and I want to use Windows Authentication. This makes sense. If your company does not have a federated solution so that you can use claims-based security, then Windows Authentication is the next best thing.
Start out by creating a Silverlight application using the defaults, letting the template create the web application for you.
The first thing that you want to do is set up the web application to restrict users from accessing your web resources (xap files, .svc files, etc…). To do that add the following code to your web.config file:
Obviously you would restrict the “allow” to specific domains and add a deny key for all other users. You can restrict down to the folder level, allowing different access rights to different folders.
Now you are ready to create a service. For this example I did a simple “Hello User” service. It has a single method that returns the Windows Identity of the user making the call.
OK, the service method is in place; now you need to modify the service configuration in the web.config.
The key to this is the “security” configuration in the binding. Once the service is configured you add a reference from the Silverlight client just like you would normally do. There is nothing else you have to do.
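The two web.config pieces described above (the access restriction and the binding "security" element), put together as an added example; this is not the original configuration from the demo. It assumes basicHttpBinding (a binding Silverlight supports), and the group name, folder name, binding name, and service/contract names are constructed placeholders.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Requires Windows Authentication enabled (and Anonymous disabled) on the IIS site. -->
    <authentication mode="Windows" />
    <authorization>
      <!-- Rules are evaluated top-down and the first match wins:
           allow the named group, then deny everyone else. -->
      <allow roles="CONTOSO\LobAppUsers" />  <!-- constructed group name -->
      <deny users="*" />
    </authorization>
  </system.web>

  <!-- Folder-level restriction: tighter rule for one folder (constructed name). -->
  <location path="AdminServices">
    <system.web>
      <authorization>
        <allow roles="CONTOSO\LobAppAdmins" />  <!-- constructed group name -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="windowsAuthBinding">
          <!-- TransportCredentialOnly sends Windows credentials over plain HTTP,
               so message contents are not encrypted in transit.
               Over HTTPS, use mode="Transport" with the same clientCredentialType. -->
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <!-- Service and contract names are assumptions for this example. -->
      <service name="HelloUser.Web.HelloUserService">
        <endpoint address=""
                  binding="basicHttpBinding"
                  bindingConfiguration="windowsAuthBinding"
                  contract="HelloUser.Web.IHelloUserService" />
      </service>
    </services>
  </system.serviceModel>
</configuration>
```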
My coworker then came back and said, “Our services are hosted on a different server; surely this won’t work in that situation?” So I added another web application and created a service identical to the one I created in the original web application.
What do you think happened? The same results. So it didn’t matter that the services were on a different server.
In this situation the client technology doesn’t matter. The client could be WPF or even Winforms. The key is your service configuration.