Csla 4 service authentication problem.

Old forum URL: forums.lhotka.net/forums/t/10523.aspx


GoGO posted on Wednesday, July 13, 2011

I am working with the Authentication Windows code example that comes with the UsingCsla4-04-DataPortal book from the CSLA 4 ebook series. It works fine on the local machine. But when I deploy the service to a remote IIS and run the WPF client, the code raises the following exception:

“The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.”

If Anonymous authentication is allowed on the IIS application, the exception is not raised. But anonymous authentication is against the security policy.

Is there any way to run this service without Anonymous authentication?

RockfordLhotka replied on Monday, July 18, 2011

Yes, but it becomes rapidly complicated.

First, you need to decide what non-anonymous authentication scheme you will use. Then you need to configure the client and server to pass the credentials based on that scheme.

Obviously part of your decision must include whether you'll prompt the user for the credentials, use their client-side Windows credentials, or hard-code some application credentials. If you go for application credentials, they can be username/password, but it is probably better to use a certificate. But in that case you need a CA, and a way to deploy the client certs.

This stuff gets rapidly very complex :)

In the ebook I reference the WCF security guidance book published by Microsoft on codeplex. You really need to read through that book to understand all the possible ways of authenticating a WCF service. Then go back to your app and figure out how to make that authentication model work with the data portal.

Worst case, you will need to create custom proxy and/or host classes as shown in the ebook. In those custom classes you can set up any type of authentication required by your security policy.
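
For the "client-side Windows credentials" option discussed in this thread, the following WCF client configuration is an added example, not part of either post and not taken from the ebook or from CSLA. The binding names and the address are hypothetical, and the endpoint name `WcfDataPortal` and contract `Csla.Server.Hosts.IWcfPortal` are assumptions about the data portal's WCF endpoint that should be checked against your own config.

```xml
<!-- Added example: client app.config fragment (names and address are hypothetical). -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- A binding left at <security mode="None" /> sends no credentials.
           Against an IIS application that only allows Windows Authentication
           this produces the error quoted in the question:
           client scheme 'Anonymous', server header 'Negotiate,NTLM'. -->

      <!-- Preferred: HTTPS transport with the caller's Windows identity.
           The Negotiate/NTLM handshake and the payload are protected by TLS. -->
      <binding name="windowsOverHttps">
        <security mode="Transport">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>

      <!-- Plain HTTP variant: authenticates the caller but does not encrypt
           the messages, so use it only on a trusted network segment. -->
      <binding name="windowsOverHttp">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>

  <client>
    <!-- Endpoint name and contract are assumptions; the address is a placeholder. -->
    <endpoint name="WcfDataPortal"
              address="https://appserver.example/MyApp/WcfPortal.svc"
              binding="basicHttpBinding"
              bindingConfiguration="windowsOverHttps"
              contract="Csla.Server.Hosts.IWcfPortal" />
  </client>
</system.serviceModel>
```

The service's web.config needs a binding with the same security mode and `clientCredentialType`, and the IIS application must have Windows Authentication enabled with Anonymous disabled, otherwise the service fails to activate or the two sides fail to agree on a scheme.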

Copyright (c) Marimer LLC