Difference between Windows Authentication and Basic Authentication in WCF

leo del ciello 66 Reputation points
2022-06-30T07:13:31.343+00:00

I am wondering what the difference between Basic and Windows Authentication in WCF is, since the examples given in Microsoft's docs (I refer specifically to https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/common-security-scenarios where different authentication situations are given, and in particular the two cases "Transport Security with Basic Authentication" and "Transport Security with Windows Authentication") are not very clear to me. It appears that in the case of Windows Authentication the client is (or must be) already logged on to the Windows domain, so there is no need for sending credentials, while in the case of Basic Authentication the client is not on the Windows domain, so it must send credentials to authenticate. But no credential verification code is given in the server's example, so this makes me think that the runtime itself verifies the credentials... Am I correct? In this case, which are the credentials the system compares the client's credentials with? It seems to me that they are the domain credentials as well... I found in another article about ASP.NET Basic authentication that Basic and Windows Authentication are mostly the same thing; the only difference is that when Basic is configured on IIS, the credentials given by the client are (must be?) managed by the custom server code, and seemingly no built-in authentication mechanism is present... I am a bit confused...


4 answers

  1. Limitless Technology 39,916 Reputation points
    2022-07-03T09:37:54.263+00:00

    Hi there,

    Windows authentication authenticates the user by validating the credentials against the user account in a Windows domain.

    Basic authentication verifies the credentials that are provided in a form against the user account that is stored in a database.


  2. Limitless Technology 39,916 Reputation points
    2022-07-03T09:37:54.993+00:00

    Hi there,

    Windows authentication authenticates the user by validating the credentials against the user account in a Windows domain.

    Basic authentication verifies the credentials that are provided in a form against the user account that is stored in a database.


  3. leo del ciello 66 Reputation points
    2022-07-04T07:52:09.933+00:00

    I am now reading the following article:

    https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/selecting-a-credential-type

    where it's clearly stated that, for WCF Transport Security Mode, the clientCredentialType "Password" is available if one wants to explicitly send credentials and validate them in a customized way.

    What is definitely funny is that, if I put the following in my service's web.config file:

    <security mode ="transport">
    <transport clientCredentialType="">

    the value "Password" for the clientCredentialType attribute is not allowed...

    I guess there's a bit of confusion on this subject...
    Not to mention the fact that they state that the "Password" clientCredentialType may be used for Windows authentication as well... I am wondering how...


  4. Lan Huang-MSFT 30,186 Reputation points Microsoft External Staff
    2022-07-05T07:58:28.86+00:00

    Hi @leo del ciello,
    The way you configured it is incorrect. Do you want to authenticate by username and password?
    You can take a closer look at the comments in the documentation.
    [Image: 217580-image.png]

    The following documentation contains examples of how to create a service endpoint that uses a Windows domain username and password to protect the transport, which you can refer to.
    https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-basic-authentication
    How to: Authenticate with a User Name and Password

    The documentation says that after selecting the security mode, you have to specify the actual credentials.

    Set Windows Credentials: If the client specifies a valid username and password, it is used to authenticate the client. Otherwise, the currently logged in user's credentials will be used.

    https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/selecting-a-credential-type#setting-windows-credentials

    If you want to understand the difference between Transport Security's basic credential types and windows credential types, you can check out the following documentation.
    https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-overview
    Best regards,
    Lan Huang


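The two transport credential types discussed in this thread, shown side by side from the client's point of view, as an added example that is not part of the thread or of Microsoft's documentation. `IService`, the endpoint URL, the `EXAMPLE\alice` account and the `SVC_PASSWORD` environment variable are hypothetical.

```csharp
// Added example; all names and values below are hypothetical placeholders.
using System;
using System.Net;
using System.ServiceModel;

[ServiceContract]
public interface IService
{
    [OperationContract]
    string Ping();
}

public static class TransportCredentialDemo
{
    // Transport mode means the channel is HTTPS. The credential type is a value of
    // HttpClientCredentialType: None, Basic, Digest, Ntlm, Windows, Certificate or
    // InheritedFromHost. "Password" is not one of them, which is why the config
    // attribute rejects it. Config equivalent: <transport clientCredentialType="Basic" />
    static BasicHttpBinding MakeBinding(HttpClientCredentialType type)
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = type;
        return binding;
    }

    // Keep the secret out of source and config; the variable name is an assumption.
    static string ReadSecret() => Environment.GetEnvironmentVariable("SVC_PASSWORD");

    public static void Main()
    {
        var address = new EndpointAddress("https://service.example.test/Service.svc");

        // Basic: the client must supply a user name and password explicitly. They travel
        // in the HTTP Authorization header on each request and rely on TLS for secrecy.
        var basic = new ChannelFactory<IService>(
            MakeBinding(HttpClientCredentialType.Basic), address);
        basic.Credentials.UserName.UserName = @"EXAMPLE\alice";
        basic.Credentials.UserName.Password = ReadSecret();
        Console.WriteLine(basic.CreateChannel().Ping());
        basic.Close();

        // Windows: integrated authentication. With nothing set, the logged-on user's
        // identity is used; an explicit account can be supplied as shown here.
        var windows = new ChannelFactory<IService>(
            MakeBinding(HttpClientCredentialType.Windows), address);
        windows.Credentials.Windows.ClientCredential =
            new NetworkCredential("alice", ReadSecret(), "EXAMPLE");
        Console.WriteLine(windows.CreateChannel().Ping());
        windows.Close();
    }
}
```

The service-side binding must declare the same `clientCredentialType` as the client, and the host (for example IIS) must have the matching authentication scheme enabled.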
