How does WCF Windows authentication work without explicitly setting credentials

idendaraffola

New Member
I have an asp.net web application that makes calls to several WCF services. The web app is located at www.mydomain.com and the services are at services.mydomain.com. They are hosted from the same server.I've just added secure endpoints (bassicHttpBindings) to the services that use Transport security (https) and Windows authenication:\[code\]<binding name="WindowsSecuredBinding"> <security mode="Transport"> <transport clientCredentialType="Windows" /> </security></binding>\[/code\]and configured the client web app to use these new secure endpoints. I was expecting the next step to be writing some code in the web app to set the client credentials in order to pass the Windows authentication. To my surprise, the service calls are succeeding without setting the client credentials. I'm assuming it must be sending the account that the web app is running under but don't know how to verify that. In other scenarios I thought I've seen the client credentials having no implicit default.So I have two questions:[*]How is authentication succeeding? Does it send the user the app runs under, the browser user's credentials, no credentials?[*]How can I debug/log/trace the authentication process? I'd like to at least see the username that's being authenticated so I can validate the security.
 
Back
Top