Many people know that Web Services support Windows authentication, but in practice few use it well, because there are a few special points that need attention.
1. How to configure on the server
Note that the authentication mode is Windows by default, but setting this mode alone is useless. The relevant authorization rules must be set at the same time. Do not use allow rules alone: finish with a deny rule for all users or groups that are not allowed.
The service must be published to the IIS server for debugging. If it is not published and is only debugged in Visual Studio, some settings cannot be made, such as the type of Windows authentication.
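The authorization rules described in step 1, as an added web.config sketch that is not from the original article; the domain group and account names are placeholders. It shows the allow-only form that has no effect beside the form that ends with a deny rule.

```xml
<!-- Constructed example. CONTOSO\WebServiceUsers and CONTOSO\svc-reporting
     are placeholder names, not values from the article. -->
<configuration>
  <system.web>
    <!-- IIS authenticates the caller; ASP.NET receives the Windows identity. -->
    <authentication mode="Windows" />

    <!-- Weak form: allow only. Rules are evaluated top to bottom and the first
         match wins. The machine-level default is <allow users="*" />, so any
         caller not matched here falls through to that inherited rule and is
         still admitted.
    <authorization>
      <allow roles="CONTOSO\WebServiceUsers" />
    </authorization>
    -->

    <!-- Corrected form: explicit allows, then deny everyone else so the
         inherited allow-all rule is never reached. -->
    <authorization>
      <allow roles="CONTOSO\WebServiceUsers" />
      <allow users="CONTOSO\svc-reporting" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```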
2. Publish a service
Generally, "Anonymous Access" must be disabled here. At the same time, you may need to select a specific authentication mode (Basic or Integrated).
If "Basic" is selected, the client can dynamically specify the user name and password. Note that the user name and password are sent in plaintext, which poses a security risk. Using SSL together with Basic authentication solves this problem.
If "Integrated" is selected, the client automatically negotiates with the server to determine whether to use NTLM or Kerberos to authenticate the identity; that is, the client's Windows credentials are sent to the server automatically.
3. How to write code on the client (if the authentication mode on the server is "Basic")
4. How to write code on the client (if the authentication mode on the server is "Integrated")
Here, you only need to use the special default credentials (DefaultCredentials), which represent the Windows identity of the current client. Obviously, in this case, the client and the server must be in a trusted domain environment.
5. The "Basic" and "Integrated" authentication methods can coexist.