Share via

Difference between Windows Authentication and Basic Authentication in WCF

leo del ciello 106 Reputation points
2022-06-30T07:13:31.343+00:00

I am wondering what the difference between basic and Windows Authentication in WCF is, since by the examples given in Microsoft's docs (I refer specifically to https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/common-security-scenarios where different authentication situations are given , and in particular the two cases : "Transport Security with Basic Authentication" and "Transport Security with Windows Authentication" ) are not very clear to me. It appears that in the case of Windows Authentication the client is (or must be) already logged to the Windows domain so no need for sending credentials , while in the case of Basic Authentication the client is not on the Windows Domain so it must send credentials to authenticate : but no credentials verification code is given in the server's example so this makes me think that the runtime itself verifies the credentials .... Am I correct ? In this case which are the credentials the system compares the client's credentials with ? It seems to me that they are the domain credentials as well ... I found on another article about Asp.Net Basic authentication that Basic and Windows Authentication are mostly the same thing, the only difference is that when Basic is configured on IIS, the credentials given by the client are (must be?) managed by the custom server code , seemingly no built -it authentication mechanism is present .... I am a bit confused .....

Windows for business | Windows Server | Devices and deployment | Configure application groups
Developer technologies | .NET | Other
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lan Huang-MSFT 30,211 Reputation points Microsoft External Staff
    2022-07-05T07:58:28.86+00:00

    Hi @leo del ciello ,
    The way you configured it is incorrect. Do you want to authenticate by username and password?
    You can take a closer look at the comments in the documentation.
    217580-image.png

    The following documentation contains examples of how to create a service endpoint that uses a Windows domain username and password to protect the transport, which you can refer to.
    https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-basic-authentication
    How to: Authenticate with a User Name and Password

    The documentation says that after selecting the security mode, you have to specify the actual credentials.

    Set Windows Credentials: If the client specifies a valid username and password, it is used to authenticate the client. Otherwise, the currently logged in user's credentials will be used.

    https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/selecting-a-credential-type#setting-windows-credentials

    If you want to understand the difference between Transport Security's basic credential types and windows credential types, you can check out the following documentation.
    https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-overview
    Best regards,
    Lan Huang

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

    0 comments
  2. leo del ciello 106 Reputation points
    2022-07-04T07:52:09.933+00:00

    I am reading now this following article :

    https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/selecting-a-credential-type

    where it's clearly stated that, for WCF Trasport Security Mode, the clientCredentialType "Password" is available if one wants to explicitly send credentials and validate them in a customized way.

    What is definitely funny is that , if I put the following in my service's web.config file :

    <security mode ="transport">
    <transport clientCredentialType="">

    the value "Password" for the clientCredentialType attribute is not allowed ......

    I guess there's a bit of confusion on this subject .....
    Not to talk about the fact that they state that "Password" clientCredentialType may be used for Windows authentication as well ... I am wondering how .....

    Was this answer helpful?

    0 comments
  3. Limitless Technology 40,101 Reputation points
    2022-07-03T09:37:54.993+00:00

    Hi there,

    Windows authentication authenticates the user by validating the credentials against the user account in a Windows domain.

    Basic authentication verifies the credentials that are provided in a form against the user account that is stored in a database.

    -----------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    Was this answer helpful?

  4. Limitless Technology 40,101 Reputation points
    2022-07-03T09:37:54.263+00:00

    Hi there,

    Windows authentication authenticates the user by validating the credentials against the user account in a Windows domain.

    Basic authentication verifies the credentials that are provided in a form against the user account that is stored in a database.

    -----------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.