7

I have a WCF client hosted in IIS7 and a WCF service hosted in IIS7. The client is strictly HTTP/JavaScript and I'd like to keep it that way.

When I browse to the client webpage, I'm prompted for Windows Authentication credentials because the page is protected (and served with HTTPS). Once I've authenticated, my AJAX calls to the service (from the client) are not processed because I'm never given an opportunity to authenticate to the service itself.

What is the best way to implement security if I want to protect access to the service using Active Directory credentials but without using .NET libraries?

The specific response returned by the service is "401 (Unauthorized)". Note that the service is also served with HTTPS.

Chad_C

1 Answer

1

Edit:

Update

There is a security mode for this as described here:

http://rickgaribay.net/archive/2007/04/04/recipe-wcf-basichttpbinding-with-windows-authentication.aspx

Below is for Android

I believe that it is possible. Although, short of writing a custom implementation of NTLM authentication, you will need to use a Java third-party library.

I did have success with http://jcifs.samba.org/ running on Android. Unfortunately, I don't have the source code to share any more as we moved to a different authentication method.

I found that project through the following link: http://danhounshell.com/blog/android-using-ntlm-authentication-with-httpclient/

There is also another NTLM project for AD integration which might help (I have no experience):

http://www.ioplex.com/jespa.html

hth

Stuart Blackler
  • I'm sure this will be helpful to someone attempting to manage NTLM authentication through custom code, and I appreciate the comment, but I'm really looking for a solution that will allow me to authenticate the user to the client/web service without building a custom library. Even if this means moving to a third-party authentication system such as OAuth. I would like to leverage the existing directory and bind users to this directory using certificates or form authentication or something transparent to the end user besides a username/password box or form. – Chad_C May 23 '11 at 12:29
  • Seriously sorry Chad. Don't know what I was smoking when I wrote my original answer as that is an Android-specific use case. I misinterpreted your question quite badly :/ I have updated the answer with a link describing how to do what you said. Hope this actually answers your question this time :D – Stuart Blackler May 24 '11 at 13:28