I'm trying to use basic authentication with my WCF Rest/JSON service.
Therefore I've create a class which derives from "UserNamePasswordValidator" and added it to my web.config. In IIS only Basic Authentication is enabled.
Unfortunately this class is never called. When I call a rest method in my browser the dialog for entering the username and password is shown but nothing happens after that.
Here my web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext"
value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<identity impersonate="true" />
</system.web>
<system.serviceModel>
<services>
<service name="myTimeMvc.Webservice.MyTimeRestService"
behaviorConfiguration="returnFaults">
<endpoint behaviorConfiguration="restfulBehavior"
binding="webHttpBinding"
bindingConfiguration="webBinding"
contract="myTimeMvc.Webservice.IMyTimeRestService" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="webBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="restfulBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="returnFaults">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceMetadata httpGetEnabled="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<serviceCredentials>
<!--<serviceCertificate findValue="MyWebSite"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />-->
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="myTimeServiceDemoa.WcfExtension.CustomUserNameValidator,TestWcfServiceAuth" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true" />
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
</configuration>
Here my CustomUserNameValidator.cs
namespace myTimeServiceDemoa.WcfExtension
{
public class CustomUserNameValidator : System.IdentityModel.Selectors.UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
{
throw new ArgumentNullException("You must provide both the username and password to access this service");
}
if (!(userName == "user1" && password == "test") && !(userName == "user2" && password == "test"))
{
throw new FaultException("Unknown Username or Incorrect Password");
}
}
}
}
UPDATE: After two days of trying I give up now because I don't see what I may have done wrong. Seems this stuff is not working for me... I investigated a lot and everything you need is to change Authentication of your WebApplication in IIS to "Basic" and add a custom "CustomUserNameValidator" in your web.config but this is not working! Please correct me if I'm wrong.
My solution:
- Use "Anonymous Authentication" in IIS
- Use a "ServiceAuthorizationManager" and check HTTP-Headers in "CheckAccessCore"
Cheers, Stefan
