<windows> of <clientCredentials> Element

2010-01-05

Specifies the settings for a Windows credential to be used to represent the client.

Schema Hierarchy

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior> of <endpointBehaviors>
        <clientCredentials>
          <userNameAuthentication>

Syntax

<windows 
    allowedImpersonationLevel="Identification/Impersonation/Delegation/Anonymous/None"
        allowNtlm="Boolean"
/>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute	Description
allowedImpersonationLevel	Sets the impersonation preference that the client communicates to the server. The impersonation mode that the client selects is not enforced on the server. Valid values include the following: Identification: The server can get the identity and privileges of the client, but cannot impersonate the client. Impersonation: The server can impersonate the client's security context on the local system. Delegation: The server can impersonate the client's security context on remote systems. Anonymous: The server cannot impersonate or identify the client. None: An impersonation level is not assigned. The default is Identification. This attribute is of type TokenImpersonationLevel.
allowNtlm	Setting this property to true allows authentication to downgrade to NTLM if Kerberos is not available. Setting this property to false causes Windows Communication Foundation (WCF) to make a best-effort to throw an exception if NTLM is used. Note that setting this property to false may not prevent NTLM credentials from being sent over the wire.

allowedImpersonationLevel

Sets the impersonation preference that the client communicates to the server. The impersonation mode that the client selects is not enforced on the server. Valid values include the following:

Identification: The server can get the identity and privileges of the client, but cannot impersonate the client.
Impersonation: The server can impersonate the client's security context on the local system.
Delegation: The server can impersonate the client's security context on remote systems.
Anonymous: The server cannot impersonate or identify the client.
None: An impersonation level is not assigned.

The default is Identification. This attribute is of type TokenImpersonationLevel.

allowNtlm

Setting this property to true allows authentication to downgrade to NTLM if Kerberos is not available.

Setting this property to false causes Windows Communication Foundation (WCF) to make a best-effort to throw an exception if NTLM is used. Note that setting this property to false may not prevent NTLM credentials from being sent over the wire.

Child Elements

None.

Parent Elements

Element	Description
<clientCredentials>	Specifies the credentials used to authenticate the client to the service.

Dela via

<windows> of <clientCredentials> Element

Schema Hierarchy

Syntax

Attributes and Elements

Attributes

Child Elements

Parent Elements

See Also

Reference

Other Resources

Ytterligare resurser