Is there a way to grab the password using windows authentication with webhttpbinding in WCF?
https://stackoverflow.com/questions/8639714
-
06-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
I'm currently have a selfhosted WCF REST service. Using WebHttpBinding and Windows authentication, is it possible at all to get the password or do I have to use Basic authentication?
해결책
You can't get the user password using Windows auth - since the authentication is done via a third party (usually the active directory), no passwords are exchanged between the client and the service, only a token which is issued by the AD.
Being able to get the password using Windows auth would also be a huge security risk - in intranets clients (such as browsers) usually don't prompt the user for credentials when authenticating themselves to a server which requires that kind of authentication. You wouldn't want your password to be handed over to a service which you happen to visit that uses that kind of authentication.
