Thursday, May 24, 2012

double hop authentication resolution


The dreaded double-hop authentication issue was recently a thorn in my side that no one was able to answer. Finally I have come to the answer. For anyone out there having this issue, there are only a few steps you need to follow to get your website to call your WCF service with the logged-on user's authentication. I am not sure that all of the steps below are needed, but if it works I am willing to do them all. I have highlighted the key components of each that I believe together resolve this issue.

On the WCF method (not the interface declaration):
<OperationBehavior(Impersonation:=ImpersonationOption.Allowed)>
Add a service behavior to the WCF project's config (this can either be added directly to the config or added via the WCF configuration utility):
<behaviors>
  <serviceBehaviors>
    <behavior name="customBehaviorName">
      <serviceMetadata httpGetEnabled="true" />
      <!-- returns exception details to callers; set to "false" outside of debugging -->
      <serviceDebug includeExceptionDetailInFaults="true" />
      <!-- run every operation under the caller's Windows identity -->
      <serviceAuthorization principalPermissionMode="UseWindowsGroups" impersonateCallerForAllOperations="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>


In the website, add the service reference to the WCF service.
Set up the service client:
Dim client As New ServiceReference1.Service1Client()
' let the service receive a token it is allowed to pass on (delegation)
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation
' send the credentials of the identity the page is currently running as
client.ChannelFactory.Credentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials
client.methodWithPassThroughAuthentication()

As a note, at the IIS level I also have Windows Authentication and ASP.NET Impersonation enabled on the website, and Anonymous Authentication and Windows Authentication enabled for the WCF service.
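To confirm that the configuration above really passes the logged-on user through, the service can report which identity it is executing as. The following is an added example, not code from the original post; the names IDelegationCheck, DelegationCheck and DescribeCaller are hypothetical, and it assumes the behavior shown above is applied to the service.

```vb
Imports System.Security.Principal
Imports System.ServiceModel

' Hypothetical diagnostic contract, added for illustration (not from the original post).
<ServiceContract()>
Public Interface IDelegationCheck
    <OperationContract()>
    Function DescribeCaller() As String
End Interface

Public Class DelegationCheck
    Implements IDelegationCheck

    ' Same attribute the post puts on the method; with impersonateCallerForAllOperations="true"
    ' the body is expected to run under the caller's Windows identity.
    <OperationBehavior(Impersonation:=ImpersonationOption.Allowed)>
    Public Function DescribeCaller() As String Implements IDelegationCheck.DescribeCaller
        Dim ctx As ServiceSecurityContext = ServiceSecurityContext.Current
        If ctx Is Nothing OrElse ctx.IsAnonymous Then
            Return "FAIL: the request reached the service without an authenticated Windows caller"
        End If

        ' Identity WCF authenticated for this message.
        Dim caller As WindowsIdentity = ctx.WindowsIdentity
        ' Identity the thread is executing as right now.
        Using effective As WindowsIdentity = WindowsIdentity.GetCurrent()
            If Not String.Equals(caller.Name, effective.Name, StringComparison.OrdinalIgnoreCase) Then
                Return String.Format("FAIL: caller is {0} but code runs as {1} (not impersonating)",
                                     caller.Name, effective.Name)
            End If
            ' Below Impersonation the service can identify the caller but cannot act as them.
            If effective.ImpersonationLevel < TokenImpersonationLevel.Impersonation Then
                Return String.Format("FAIL: running as {0} but token level is only {1}",
                                     effective.Name, effective.ImpersonationLevel)
            End If
            Return String.Format("OK: running as {0}, token level {1}, auth type {2}",
                                 effective.Name, effective.ImpersonationLevel, effective.AuthenticationType)
        End Using
    End Function
End Class
```

Call it from the website with the client set up as above and compare the reported name with the page's own User.Identity.Name: if the name is the application pool account rather than the browser user, the second hop is not carrying the user's credentials.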

Thanks to Peter T for providing the link that finally led me to figure this one out.
http://blogs.msdn.com/b/securitytools/archive/2009/11/04/double-hop-windows-authentication-with-iis-hosted-wcf-service.aspx

Bind enum to dropdownlist



    Public Function GetListItemsFromEnum(enumType As Type) As ListItemCollection
        'container to be returned
        Dim items As New ListItemCollection()
        'break down the enumeration members into name/value pairs
        Dim names As String() = [Enum].GetNames(enumType)
        Dim values As Array = [Enum].GetValues(enumType)
        'piece together the name/value pairs into the ListItem collection
        For i As Integer = 0 To names.Length - 1
            'GetValue avoids late-bound indexing of System.Array (compiles with Option Strict On)
            items.Add(New ListItem(names(i), CInt(values.GetValue(i)).ToString()))
        Next
        'return it
        Return items
    End Function


    Public Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        'bind only on the first request so a postback keeps the user's selection
        If Not IsPostBack Then
            ddl.DataSource = GetListItemsFromEnum(GetType(EnumerationName))
            ddl.DataTextField = "Text"
            ddl.DataValueField = "Value"
            ddl.DataBind()
        End If
    End Sub

Code thanks to http://forums.asp.net/t/1269514.aspx/1