Is there a way to grab the password using windows authentication with webhttpbinding in WCF?

Question

I'm currently have a selfhosted WCF REST service. Using WebHttpBinding and Windows authentication, is it possible at all to get the password or do I have to use Basic authentication?

Answer 1

You can't get the user password using Windows auth - since the authentication is done via a third party (usually the active directory), no passwords are exchanged between the client and the service, only a token which is issued by the AD.

Being able to get the password using Windows auth would also be a huge security risk - in intranets clients (such as browsers) usually don't prompt the user for credentials when authenticating themselves to a server which requires that kind of authentication. You wouldn't want your password to be handed over to a service which you happen to visit that uses that kind of authentication.