
Web Service Authentication – Kerberos Style

OK, so this is not the blog post that covers every possible way to authenticate to a .NET web service. It is, however, the blog post that tells you how to flow the current user’s credentials into your web service.

The scenario where you might need to do this is relatively specific. Here are the specifics.

  • Your web service is being served from IIS using Integrated Windows Authentication (IWA), with Anonymous Access turned off.
  • The client application is a .NET app that will be served in the same way.
  • You want your service to treat the client as the current user, meaning the client will make calls in the context of the current user. (Perhaps you’re interested in continuing the flow of credentials down to your SQL Server or the file system and you want to ensure security integrity based on the user’s rights and permissions.)

So here’s the code in C#. This is the code on the client that calls the service.

remoteService.Service1 service = new remoteService.Service1();

service.Credentials = CredentialCache.DefaultCredentials; // CredentialCache lives in System.Net

The first line creates an instance of your service proxy.

The second line tells the service proxy to use the default credentials stored in the credential cache. These are the credentials of the current user in an IWA environment.

One other thing: the web service’s Web.config needs a couple of updates…

In the web.config of your service you need to set the authentication mode to Windows.

<authentication mode="Windows" />

If you intend to continue the flow of user credentials down to another system on the other side of your service, you’ll need to set the identity impersonate attribute in the web.config to true.

<identity impersonate="true" />
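
One way to check that the caller’s identity really reaches the service with the two settings above. This is an added example, not code from the original post; the class name IdentityCheck, the method WhoAmI and the namespace URI are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Web.Services;

// Hypothetical diagnostic service (names are assumptions, not from the post).
[WebService(Namespace = "http://example.invalid/identitycheck")]
public class IdentityCheck : WebService
{
    [WebMethod]
    public string WhoAmI()
    {
        // The identity IIS authenticated for this request.
        IIdentity caller = User.Identity;
        if (!caller.IsAuthenticated)
        {
            // Fail closed: with Anonymous Access off this should never happen.
            throw new UnauthorizedAccessException(
                "Unauthenticated request reached the service; check the IIS authentication settings.");
        }

        // The identity the request thread actually runs as. It matches the
        // caller only when <identity impersonate="true" /> is in effect;
        // otherwise it is the application pool / worker process account.
        using (WindowsIdentity thread = WindowsIdentity.GetCurrent())
        {
            bool impersonating = string.Equals(
                caller.Name, thread.Name, StringComparison.OrdinalIgnoreCase);

            // ImpersonationLevel matters for the next hop: Impersonation is
            // enough for local resources such as the file system, while a
            // SQL Server on another machine needs Delegation, which requires
            // Kerberos delegation to be configured for the service.
            return string.Format(
                "caller={0}; authType={1}; thread={2}; impersonating={3}; level={4}",
                caller.Name,
                caller.AuthenticationType,
                thread.Name,
                impersonating,
                thread.ImpersonationLevel);
        }
    }
}
```

Call WhoAmI from the client after setting service.Credentials: if impersonating comes back False, calls the service makes further down are running as the service account rather than as the user.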

That’s it – not too bad at all, hope it helps!



– You’ve now come to the end of the post, close your web browser and go write some code.  May the 3rd bit be with you…
