WCF - How to configure netTcpBinding for NTLM authentication?

I know how to configure basicHttpBinding for NTLM authentication, but cannot find a way to do the same for netTcpBinding.

Does netTcpBinding support NTLM? If so, how do I get the WCF service to use NTLM?

By the way, the well-known method using an identification element for some reason did not work at all. I am looking for something like this - clientCredentialType = "Ntlm", but for tcp. Here is the basicHttp setup:

 <basicHttpBinding>
   <binding name="BasicHttpBinding">
     <security mode="TransportCredentialOnly">
       <transport clientCredentialType="Ntlm"/>
     </security>
   </binding>
 </basicHttpBinding>
+4
2 answers

Here is the complete answer that I finally found, tested and confirmed.

a. My WCF client used to dynamically create EndPoint.Address as follows

 EndpointAddress myEndpointAddress = new EndpointAddress(stringURL);

But in the case of secure transport (net.tcp), it should be initialized as follows:

 EndpointAddress myEndpointAddress = new EndpointAddress(new Uri(stringURL), myEndpointIdentity);

Without the EndpointIdentity parameter, the Identity property in the EndpointAddress object is null and generates the error "... target name name is ......" on the server side.

C. Our domain controller supports Kerberos and Ntlm authentication. After the above is done, usually on the client side there are four configuration scripts for binding net.tcp if the security is different from "No" and the WCF service is running as a domain account:

  • No <identity> elements at client endpoint - WCF service failure

  • <identity>, but with an empty value for dns, userPrincipalName or servicePrincipalName elements - WCF call is successful, but uses Ntlm authentication

  • <identity> element containing the value for calling dns or SPN - WCF; the service uses ntlm for authentication.

  • <identity> element containing the correct value for upn - WCF call successful; the service uses Kerberos for authentication. Invalid or missing value for upn Ntlm authentication

Thanks.

+5
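
Added example, not part of the original answer or of any project's code: a small .NET Framework program that hosts a net.tcp endpoint with Windows transport security and, from the client, passes a UPN endpoint identity as the answer above describes, then prints which package the service saw for the caller. The contract `IWhoAmI`, the `host`/`call` arguments and the addresses in the comments are constructed for illustration.

```csharp
using System;
using System.ServiceModel;

[ServiceContract]
public interface IWhoAmI
{
    [OperationContract]
    string AuthenticationType();
}

public class WhoAmIService : IWhoAmI
{
    // Package that authenticated the current caller, e.g. "Kerberos" or "NTLM".
    public string AuthenticationType()
    {
        return ServiceSecurityContext.Current.WindowsIdentity.AuthenticationType;
    }
}

public static class Program
{
    static NetTcpBinding WindowsTcpBinding()
    {
        // netTcpBinding has no "Ntlm" credential type; Windows negotiates the package.
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        return binding;
    }

    // Constructed usage: host net.tcp://appserver.example.test:8523/WhoAmI
    //                    call net.tcp://appserver.example.test:8523/WhoAmI svc-wcf@example.test
    public static void Main(string[] args)
    {
        if (args.Length < 2 || (args[0] != "host" && args.Length < 3)) return;
        var uri = new Uri(args[1]);
        if (args[0] == "host")
        {
            var host = new ServiceHost(typeof(WhoAmIService));
            host.AddServiceEndpoint(typeof(IWhoAmI), WindowsTcpBinding(), uri);
            host.Open();
            Console.ReadLine(); // keep listening until Enter is pressed
            host.Close();
            return;
        }
        // Client side: the endpoint identity carries the UPN of the service account.
        var address = new EndpointAddress(uri, EndpointIdentity.CreateUpnIdentity(args[2]));
        var factory = new ChannelFactory<IWhoAmI>(WindowsTcpBinding(), address);
        Console.WriteLine("Authenticated with: " + factory.CreateChannel().AuthenticationType());
        factory.Close();
    }
}
```

Running the `call` side with different identity values against the same host shows which of the four client configurations listed above ends up on Kerberos and which falls back to NTLM.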

Net TCP Binding does not support "NTLM" as a client credential type. You have a choice of only None, Windows or Certificate (see MSDN Docs in TcpClientCredentialType).

So, in your case, try the following:

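 <netTcpBinding>
   <binding name="tcpWindows">
     <!-- netTcpBinding accepts None, Transport, Message or TransportWithMessageCredential; TransportCredentialOnly is a basicHttpBinding mode -->
     <security mode="Transport">
       <transport clientCredentialType="Windows"/>
     </security>
   </binding>
 </netTcpBinding>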

Any reason why this is not working?

0

Source: https://habr.com/ru/post/1300369/