Keyvan Nayyeri

God breathing through me
Keyvan Nayyeri

I'm Keyvan Nayyeri, a 25 years old Ph.D. student at the Computer Science department of the University of Texas at San Antonio.
I'm also a Software Architect and Developer and previously held a B.Sc. degree in Applied Mathematics.
This is my blog where I publish content about various topics specifically Programming Languages and Compilers, Software Engineering and Programming.

My Email My Twitter Account My Facebook Profile My OpenID Domain My FriendFeed Profile Chat with Me on GTalk My LinkedIn Profile My Flickr Photos


Recent Posts

Archive


Use ASP.NET Membership and Role Providers in Windows Communication Foundation

Published on December 13, 2006

It's possible to use ASP.NET membership and role providers for authentication and authorization in Windows Communication Foundation.

To enable ASP.NET membership for authentication you need to modify service configuration file and add appropriate items for ASP.NET membership to it then set Windows Communication Foundation configurations to use it.

For example here I add connection string for my SQL Server database to use its membership data for authentication:

<connectionStrings>

  <remove name="MyConnection" />

  <add name="MyConnection"

      connectionString="Data Source=KEYVAN-XP;Initial Catalog=HelloMembership;Integrated Security=True"

      providerName="System.Data.SqlClient" />

</connectionStrings>

Now I add my membership configurations to service configuration file:

<system.web>

  <membership defaultProvider="SqlMembershipProvider">

    <providers>

      <clear />

      <add

        name="SqlMembershipProvider"

        type="System.Web.Security.SqlMembershipProvider"

        connectionStringName="MyConnection"

        applicationName="/HelloService"

        enablePasswordRetrieval="false"

        enablePasswordReset="false"

        requiresQuestionAndAnswer="false"

        requiresUniqueEmail="true"

        passwordFormat="Hashed" />

    </providers>

  </membership>

 

  <compilation debug="true"/>

</system.web>

Then I use wsHttpBinding and set its mode to Message then apply UserName credential type for it to apply UserName authentication:

<bindings>

  <wsHttpBinding>

    <binding name="MyBinding">

      <security mode="Message">

        <message clientCredentialType="UserName"/>

      </security>

    </binding>

  </wsHttpBinding>

</bindings>

And finally I set my UserName authentication to use ASP.NET membership by adding a <userNameAuthentication /> element to my service behavior.  First it's necessary to set userNamePasswordValidationMode attribute to MembershipProvider then use ASP.NET membership whose configurations are used before to set membershipProviderName attribute.

<behaviors>

  <serviceBehaviors>

    <behavior name="MyBehavior">

      <serviceMetadata httpGetEnabled="true" />

      <serviceCredentials>

        <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"

                                membershipProviderName="SqlMembershipProvider"/>

      </serviceCredentials>

    </behavior>

  </serviceBehaviors>

</behaviors>

So after these changes my service configuration file looks like this:

<?xml version="1.0"?>

<configuration>

  <connectionStrings>

    <remove name="MyConnection" />

    <add name="MyConnection"

        connectionString="Data Source=KEYVAN-XP;Initial Catalog=HelloMembership;Integrated Security=True"

        providerName="System.Data.SqlClient" />

  </connectionStrings>

 

  <system.serviceModel>

    <services>

      <service name="MyService.Hello" behaviorConfiguration="MyBehavior">

        <endpoint contract="MyService.IHello" binding="wsHttpBinding"

                  bindingConfiguration="MyBinding" />

      </service>

    </services>

 

    <bindings>

      <wsHttpBinding>

        <binding name="MyBinding">

          <security mode="Message">

            <message clientCredentialType="UserName"/>

          </security>

        </binding>

      </wsHttpBinding>

    </bindings>

 

    <behaviors>

      <serviceBehaviors>

        <behavior name="MyBehavior">

          <serviceMetadata httpGetEnabled="true" />

          <serviceCredentials>

            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"

                                    membershipProviderName="SqlMembershipProvider"/>

          </serviceCredentials>

        </behavior>

      </serviceBehaviors>

    </behaviors>

  </system.serviceModel>

 

  <system.web>

    <membership defaultProvider="SqlMembershipProvider">

      <providers>

        <clear />

        <add

          name="SqlMembershipProvider"

          type="System.Web.Security.SqlMembershipProvider"

          connectionStringName="MyConnection"

          applicationName="/HelloService"

          enablePasswordRetrieval="false"

          enablePasswordReset="false"

          requiresQuestionAndAnswer="false"

          requiresUniqueEmail="true"

          passwordFormat="Hashed" />

      </providers>

    </membership>

 

    <compilation debug="true"/>

  </system.web>

</configuration>

Now I can use UserName authentication on client side to access to my service methods by passing ASP.NET membership credentials to client proxy.

Second usage of ASP.NET providers in Windows Communication Foundation is for authorization.

To implement this for my example, I add ASP.NET configuration for role provider:

<roleManager enabled ="true" defaultProvider ="SqlRoleProvider" >

  <providers>

    <add name ="SqlRoleProvider"

      type="System.Web.Security.SqlRoleProvider"

      applicationName="/HelloService"

      connectionStringName="MyConnection" />

  </providers>

</roleManager>

At this point I use <serviceAuthorization /> element under <behavior /> element to configure authorization for my Windows Communication Foundation service.  By setting principalPermissionMode attribute to UseAspNetRoles and roleProviderName attribute to appropriate role provider name I can enable ASP.NET role provider authorization for my Windows Communication Foundation service.

<behaviors>

  <serviceBehaviors>

    <behavior name="MyBehavior">

      <serviceMetadata httpGetEnabled="true" />

      <serviceCredentials>

        <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"

                                membershipProviderName="SqlMembershipProvider"/>

      </serviceCredentials>

      <serviceAuthorization principalPermissionMode="UseAspNetRoles"

                            roleProviderName="SqlRoleProvider">

      </serviceAuthorization>

    </behavior>

  </serviceBehaviors>

</behaviors>

At the end my Web.Config is this:

<?xml version="1.0"?>

<configuration>

  <connectionStrings>

    <remove name="MyConnection" />

    <add name="MyConnection"

        connectionString="Data Source=KEYVAN-XP;Initial Catalog=HelloMembership;Integrated Security=True"

        providerName="System.Data.SqlClient" />

  </connectionStrings>

 

  <system.serviceModel>

    <services>

      <service name="MyService.Hello" behaviorConfiguration="MyBehavior">

        <endpoint contract="MyService.IHello" binding="wsHttpBinding"

                  bindingConfiguration="MyBinding" />

      </service>

    </services>

 

    <bindings>

      <wsHttpBinding>

        <binding name="MyBinding">

          <security mode="Message">

            <message clientCredentialType="UserName"/>

          </security>

        </binding>

      </wsHttpBinding>

    </bindings>

 

    <behaviors>

      <serviceBehaviors>

        <behavior name="MyBehavior">

          <serviceMetadata httpGetEnabled="true" />

          <serviceCredentials>

            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"

                                    membershipProviderName="SqlMembershipProvider"/>

          </serviceCredentials>

          <serviceAuthorization principalPermissionMode="UseAspNetRoles"

                                roleProviderName="SqlRoleProvider">

          </serviceAuthorization>

        </behavior>

      </serviceBehaviors>

    </behaviors>

  </system.serviceModel>

 

  <system.web>

    <membership defaultProvider="SqlMembershipProvider">

      <providers>

        <clear />

        <add

          name="SqlMembershipProvider"

          type="System.Web.Security.SqlMembershipProvider"

          connectionStringName="MyConnection"

          applicationName="/HelloService"

          enablePasswordRetrieval="false"

          enablePasswordReset="false"

          requiresQuestionAndAnswer="false"

          requiresUniqueEmail="true"

          passwordFormat="Hashed" />

      </providers>

    </membership>

 

    <roleManager enabled ="true" defaultProvider ="SqlRoleProvider" >

      <providers>

        <add name ="SqlRoleProvider"

          type="System.Web.Security.SqlRoleProvider"

          applicationName="/HelloService"

          connectionStringName="MyConnection" />

      </providers>

    </roleManager>

 

    <compilation debug="true"/>

  </system.web>

</configuration>

Now playing: Eric Clapton - Revolution

9 Comments

DotNetKicks.com
Dec 13, 2006 12:17 PM
#
You've been kicked (a good thing) - Trackback from DotNetKicks.com

Sandro
Sep 04, 2007 6:01 AM
#
I follow your guidelines but I receive from the service: The service certificate is not provided. Specify a service certificate in ServiceCredentials. Thanks

Ron
Nov 01, 2007 8:34 AM
#
This is only a partial sample. Can you please add to this the client-side of things? Let's see what the clients config file looks like as well as the code necessary on the client to pass user ID and password. Also, how about showing us how to do this same thing using a TCP endpoint instead of HTTP.

Johnson
Mar 05, 2008 12:15 AM
#

How to use Kerberos with WCF with ASP.NET Membership and Role Providers?


Karen
May 07, 2008 9:51 AM
#

Can I keep WCF service separately from Web and has autontication, profile and role access in WCF from web site's web config. I have written site with ASP.NET autontication, profile and role providers. Now I have added SilverLight which has to have access to loged in user's profile. I use WCF to get access to profile. But nothing happen because WCF and Web different projects and have different Web.config files. What can I do ?


Tracy
Jan 28, 2009 3:20 PM
#

Hope it is not too late to ask a question on here. Does the above also apply when writing a service to be hosted, in a console project with a client web application accessing it? I made the changes to my service app.config file but not sure how to pass the username and role information to my service afterwards to access the service


Pavan
Aug 18, 2009 11:03 PM
#

This is a partial soultion. Can you please add to this the client-side members, config? Im kind of stuckup at establishing a proper communication. I get "At least one security token in the message could not be validated." as a inner exception if you could mail me or upload sample application that would very helpfull and much appreciated. Thankyou for your kind support.


IGAL
Sep 14, 2009 7:59 AM
#

i also join to pavan as the client configuration part is missing in this article.

i got the same exception as pavan did.

i have a web client application and i am realy confuse with how client implementation and configuration need to look like.

note that in many post (include msdn ) there is has to be a certificate issue in both client/service machines

thanks in advanced


Jay
Sep 25, 2009 3:15 PM
#
can you post a working solution with a web application? I am still not getting this to work properly.

thank you!

Leave a Comment





Ads Powered by Lake Quincy Media Network
© 2005-2010 Keyvan Nayyeri. Licensed under GNU Free Documentation License.