Windows Authentication is a great way to provide authentication security in your WCF services. With the WSHttpBinding and a .NET 3.0+ client, Windows Authentication works right out of the box with WCF. However, if you want to use the BasicHttpBinding for backward compatibility with .NET 2.0 clients, it requires a bit of configuration on both the clients and the server.
I covered the BasicHttpBinding in detail in this post; I recommend reading it before you dive into using Windows Authentication with the BasicHttpBinding specifically.
There are two areas you need to focus on to enable Windows Authentication in a WCF service: the Web.config file and the service implementation.
All of the configuration for the Windows Authentication WCF BasicHttpBinding service takes place in the Web.config file. Here is exactly what you need:
Enable Windows Authentication & the Role Provider
Create The EndPoint
Configure the BasicHttpBinding Binding
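The three settings listed above can be combined into one Web.config along these lines. This is an added example, not the configuration from the original post; the names Service, IService, ServiceBehavior and BasicHttpWinAuth are assumptions, and the commented-out HTTPS variant is included for comparison.

```xml
<!-- Added example. "Service", "IService", "ServiceBehavior" and
     "BasicHttpWinAuth" are assumed names, not taken from the post. -->
<configuration>
  <system.web>
    <!-- 1. Windows Authentication and the Windows-token role provider,
         so role checks resolve against Windows group membership. -->
    <authentication mode="Windows" />
    <roleManager enabled="true"
                 defaultProvider="AspNetWindowsTokenRoleProvider" />
  </system.web>
  <system.serviceModel>
    <services>
      <service name="Service" behaviorConfiguration="ServiceBehavior">
        <!-- 2. The endpoint, bound to the secured binding below. -->
        <endpoint address=""
                  binding="basicHttpBinding"
                  bindingConfiguration="BasicHttpWinAuth"
                  contract="IService" />
      </service>
    </services>
    <bindings>
      <basicHttpBinding>
        <binding name="BasicHttpWinAuth">
          <!-- 3. TransportCredentialOnly authenticates the caller over
               plain HTTP. The SOAP messages themselves are neither
               encrypted nor signed in this mode. -->
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
          <!-- Variant for a site with an HTTPS binding in IIS: same
               Windows credentials, sent inside TLS.
          <security mode="Transport">
            <transport clientCredentialType="Windows" />
          </security>
          -->
        </binding>
      </basicHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <!-- Route WCF role checks through the ASP.NET role provider. -->
          <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                                roleProviderName="AspNetWindowsTokenRoleProvider" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```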
There are a couple of different ways you can do authentication for your WCF operations. I highly recommend basing all of your authentication security on group or role membership rather than on single-user access. Coding your operation authentication security in a role-based manner makes it much easier to administer which users are allowed to access your operations in the future.
Method 1: Operation Authentication Decoration
Edit your service implementation class (Service.cs or similar) to include authentication decorations for your web operations.
Method 2: Explicit Code Level Authentication
Put the following code within your operation method to do explicit authentication in the actual method code.
Full operation example code:
The .NET 2.0 client needs to explicitly define the network credentials that are going to be sent across the wire. By default, .NET 2.0 web references to web services don't pass credentials over the wire, which is why the explicit credential code is necessary. Here is how you need to configure your .NET 2.0 client to ensure your credentials are passed across the wire and therefore allow you to be verified as a user in a valid role.
Here is a sample solution with service & client projects using the WCF BasicHttpBinding & Windows Authentication.
I have included the WCF service with the authentication methods, a .NET 2.0 client configured to connect to the web service and pass appropriate credentials, and a .NET 3.5 client configured to connect to the same web service for reference.
NOTE: In order to run the service, you will need to configure the service in IIS as a virtual directory at the following URI: http://localhost/WCFBasicEndpointWinAuth/Service.svc so Windows Authentication can be used. If you need help configuring IIS7 for ASP.NET/WCF development purposes, refer to this post.