Ntlm-authentication against basicHttpBinding WCF service, using Claims

This specific claims-authenticated environment happens to be SharePoint. SharePoint has its own http modules which enforce the claims authentication. Unauthenticated access will result in a set of options for claims based authentication (such as Ntlm and forms).

A WCF service client obviously has no idea what to do with the 403-message SharePoint returns. Ideally it would do the Ntlm auth sequence against the url 开发者_Python百科"/_windows", which will yield a 401 challenge, then pass the resulting federation cookies to the WCF service.

This can't be the best practice way of dealing with multiple-auth-option Claims based services, but I'm unable to dig up any good resources on the subject. Is the basicHttpBinding futile? What are my options at this point?

If you are using claims with sharepoint you should use Windows Identity Foundation (WIF). See: http://www.microsoftpdc.com/2009/SVC26

You should be using Kerberos in this scenario and the ws2007FederationHttpBinding binding.

http://msdn.microsoft.com/en-us/library/bb675190.aspx