Mapping Credentials to Authentication Schemes

  • Article

You may have noticed that an HTTP binding is configured with an HttpClientCredentialType whereas an HTTP binding element is configured with an AuthenticationScheme. How are these two settings related? If you want to switch between a custom binding and a standard binding for HTTP, then you need to know how to do the translation.

Here's how client credentials map to authentication schemes:

- HttpClientCredentialType.None becomes AuthenticationSchemes.Anonymous

HttpClientCredentialType.Certificate also becomes AuthenticationSchemes.Anonymous. Certificates are used with HTTPS rather than as authentication credentials on top of HTTP. This will be caught in validation if you try to use certificates with the TransportCredentialOnly security mode.
  • HttpClientCredentialType.Basic becomes AuthenticationSchemes.Basic
  • HttpClientCredentialType.Digest becomes AuthenticationSchemes.Digest
  • HttpClientCredentialType.Ntlm becomes AuthenticationSchemes.Ntlm
  • HttpClientCredentialType.Windows becomes AuthenticationSchemes.Negotiate

Translation works the same way with proxy credentials and the proxy authentication scheme except that proxies don't have to worry about the issue with certificates.

Next time: Get a Real XML Parser