Mapping Credentials to Authentication Schemes


You may have noticed that an HTTP binding is configured with an HttpClientCredentialType whereas an HTTP binding element is configured with an AuthenticationScheme. How are these two settings related? If you want to switch between a custom binding and a standard binding for HTTP, then you need to know how to do the translation.

Here’s how client credentials map to authentication schemes:

  • HttpClientCredentialType.None becomes AuthenticationSchemes.Anonymous
  • HttpClientCredentialType.Certificate also becomes AuthenticationSchemes.Anonymous. Certificates are used with HTTPS rather than as authentication credentials on top of HTTP. This will be caught in validation if you try to use certificates with the TransportCredentialOnly security mode.
  • HttpClientCredentialType.Basic becomes AuthenticationSchemes.Basic
  • HttpClientCredentialType.Digest becomes AuthenticationSchemes.Digest
  • HttpClientCredentialType.Ntlm becomes AuthenticationSchemes.Ntlm
  • HttpClientCredentialType.Windows becomes AuthenticationSchemes.Negotiate

Translation works the same way with proxy credentials and the proxy authentication scheme except that proxies don’t have to worry about the issue with certificates.

Next time: Get a Real XML Parser

Comments (3)

  1. I need to make many simultaneous HTTP calls to the same service from my client application. How do I

  2. alik levin's says:

    This is a digest of WCF Security resources I was collecting for some time. Drop me a comment in case

  3. 江南白衣 says:

    This is a digest of WCF Security resources I was collecting for some time. Drop me a comment in case it is useful.

Skip to main content