I was recently asked by a coworker, “How do I get the Windows Identity of a user calling my WCF service from Silverlight?” My answer to him was “To the Cloud!” No, seriously, I put together a little demo application. I figured I would write a short blog post so that others can partake in the logic.
The first question to ask is: why do I care about the Windows credentials of the user? The simple answer is that I am building an internal Line of Business (LOB) application and I want to use Windows Authentication. This makes sense. If your company does not have a federated solution so that you can use claims-based security, then Windows Authentication is the next best thing.
Start out by creating a Silverlight application using the defaults, letting the template create the web application for you.
The first thing that you want to do is set up the web application to restrict users from accessing your web resources (xap files, .svc files, etc…). To do that add the following code to your web.config file:
Obviously you would restrict the “allow” to specific domains and add a deny key for all other users. You can restrict down to the folder level, allowing different access rights to different folders.
Now you are ready to create the service. For this example I did a simple “Hello User” service. It has a single method that returns the Windows Identity of the user making the call.
OK, with the service method in place, you need to modify the service configuration in the web.config.
The key to this is the “security” configuration in the binding. Once the service is configured you add a reference from the Silverlight client just like you would normally do. There is nothing else you have to do.
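As an added example (not the configuration from the original post), here is a web.config that combines the authorization rules and the binding "security" element described above. The domain group names, the `Admin` folder, the binding name and the service/contract names are assumptions.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- ASP.NET takes the caller's Windows identity from IIS -->
    <authentication mode="Windows" />
    <authorization>
      <!-- Rules are evaluated top-down and the first match wins.
           CONTOSO\LobUsers is an assumed group name. -->
      <allow roles="CONTOSO\LobUsers" />
      <deny users="*" />
    </authorization>
  </system.web>

  <!-- Folder-level rule: "Admin" is an assumed folder with tighter access -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="CONTOSO\LobAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="windowsAuthBinding">
          <!-- Windows credentials are required at the HTTP transport level -->
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <!-- Assumed service and contract names -->
      <service name="SilverlightApp.Web.HelloUserService">
        <endpoint address="" binding="basicHttpBinding"
                  bindingConfiguration="windowsAuthBinding"
                  contract="SilverlightApp.Web.HelloUserService" />
      </service>
    </services>
    <!-- Needed for the ASP.NET authorization rules above to cover .svc requests;
         the service class must carry [AspNetCompatibilityRequirements]
         with Allowed or Required -->
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
  </system.serviceModel>
</configuration>
```

`TransportCredentialOnly` authenticates the caller over plain HTTP without encrypting the messages; when the site is served over HTTPS, the corresponding mode is `Transport`.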
My coworker then came back and said, “Our services are hosted on a different server, so surely this won’t work in that situation?” So I added another web application and created a service identical to the one I created in the original web application.
What do you think happened? The same results. So it didn’t matter that the services were on a different server.
In this situation the client technology doesn’t matter. The client could be WPF or even WinForms. The key is your service configuration.
I’m really struggling with this one. I’ve updated my web.config and service according to your examples (very similar to other things I’ve tried). Still no good, works running locally, returns nothing when I deploy it to the web server. This problem is maddening. Do I need to do something on IIS? One of the other things I tried was setting Authentication on my site to Digest, I can get user info this way, but it requires the user to enter username and password. Defeats the purpose. Any help you or anyone can offer would be greatly appreciated.
It sounds like you have an IIS configuration issue that is not related to the example. Two things I would check are the permissions on the folder where the physical files are located. See if Authenticated Users and IIS_IUSRS have read and execute permissions. Then look at your Authentication settings for your site, Anonymous Authentication and Windows Authentication need to be enabled. These are the quick things that I can think of off the top of my head.