regineh982
New Member
I'm new to `WCF` and am a little bit confused about how `Authentication` and `Authorization` work with it. I'm building an ASP.NET 4 web application which works with a WCF service to retrieve and send data. Some data is considered private, so we have been asked to use SSL to protect it. The web application, WCF service and database will all be within a company's network.

I've set up the service using `WSHttpBinding` with Transport security, to work with SSL. I've also been asked to make sure there is some authentication measure in place and some authorization piece. For `Authentication` I set the `clientCredentialType` to Windows in my WCF service config.

```xml
<wsHttpBinding>
  <binding name="CompanyService" maxReceivedMessageSize="2147483647">
    <readerQuotas maxDepth="2147483647"
                  maxStringContentLength="2147483647"
                  maxArrayLength="2147483647"
                  maxBytesPerRead="2147483647"
                  maxNameTableCharCount="2147483647" />
    <security mode="Transport">
      <transport clientCredentialType="Windows" />
      <message clientCredentialType="None"/>
    </security>
  </binding>
</wsHttpBinding>
```

Does that now automatically make sure that only applications within our company's network can talk to this service, or do I need to add code?

If that handles the `Authentication` piece, with Transport security how can I do the authorization piece? We have LDAP access, so is there a way to restrict the service to only allow access for certain users, which are stored in the DB (not using `MembershipProvider`), or be able to restrict it another way, maybe username/password? I initially thought about using `clientCredentialType="Username"` but that does not look like it's available for Transport.

Thank you.
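One way to handle the authorization piece with the Windows transport credential from the config above, as an added example that is not part of the original post: a custom `ServiceAuthorizationManager` that denies any caller whose Windows account is not on an allow-list. The namespace, class name and sample accounts are assumptions, and the in-memory set stands in for the lookup against the users stored in the DB.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical names. Register the class in the service behavior with:
//   <serviceAuthorization
//       serviceAuthorizationManagerType="CompanyServices.AllowListAuthorizationManager, CompanyServices" />
namespace CompanyServices
{
    public class AllowListAuthorizationManager : ServiceAuthorizationManager
    {
        // Constructed sample accounts; replace with the query against the users table.
        private static readonly HashSet<string> AllowedAccounts =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            {
                @"EXAMPLE\svc-webapp",
                @"EXAMPLE\jdoe"
            };

        // WCF calls this for every incoming message before the operation is dispatched.
        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            ServiceSecurityContext security = operationContext.ServiceSecurityContext;

            // Reject when there is no security context or the caller is anonymous.
            if (security == null || security.IsAnonymous)
                return false;

            // With clientCredentialType="Windows" this is the caller's Windows identity.
            WindowsIdentity caller = security.WindowsIdentity;
            if (caller == null || !caller.IsAuthenticated)
                return false;

            // caller.Name has the form DOMAIN\user; anything not listed is denied.
            return AllowedAccounts.Contains(caller.Name);
        }
    }
}
```

When the ASP.NET application calls the service without impersonation, the identity checked here is the account the web application runs under, not the end user browsing the site.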