Authentication in WCF – Easy WCF
Skip to content

Authentication in WCF

What is Authentication?

Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server. If the credentials match, the process is completed and the user is granted authorization for access

There are various ways of Authentication in WCF.

  • No Authentication
  • Windows Authentication
  • User Name/Password
  • X509 Certificates
  • Issue Token
  • Custom Mechanism

WCF Authentication

No authentication:

Service does not authenticate its caller and it will allow all clients to access.

Windows authentication:

Services use Kerberos when a windows domain service is available or NTLM when deployed in workgroup configuration. In this mode caller provides the windows credential tickets/token to the service authentication.


Explicit username and password is provided to authenticate the service.

X509 certificates:

In this mode of security, client will send his certificate information to the service communication. Service host will check and validate the caller certificate information to authenticate the service.

Custom mechanism:

WCF allows developers to replace the build-in authentication mechanism by providing user own protocol and credential type for authentication.

Issue token:

The caller and the service can both rely on a secure token service to issue the client a token that service identify and trust. E.g windows card space

© 2015, admin. All rights reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *