What is Authentication?
Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server. If the credentials match, the process is completed and the user is granted authorization for access
There are various ways of Authentication in WCF.
- No Authentication
- Windows Authentication
- User Name/Password
- X509 Certificates
- Issue Token
- Custom Mechanism
Service does not authenticate its caller and it will allow all clients to access.
Services use Kerberos when a windows domain service is available or NTLM when deployed in workgroup configuration. In this mode caller provides the windows credential tickets/token to the service authentication.
Explicit username and password is provided to authenticate the service.
In this mode of security, client will send his certificate information to the service communication. Service host will check and validate the caller certificate information to authenticate the service.
WCF allows developers to replace the build-in authentication mechanism by providing user own protocol and credential type for authentication.
The caller and the service can both rely on a secure token service to issue the client a token that service identify and trust. E.g windows card space
© 2015, admin. All rights reserved.