Windows Authentication in WCF
I am new to WCF and am trying to create a .NET WCF service app. I need to accept an XmlDocument object plus a username and password, do the authentication against Active Directory, and only allow users in certain roles. I cannot use IIS integrated or basic auth, as some of my clients cannot do NTLM or Basic Windows auth.
Is there an easy way in WCF to implement Windows authentication and restrict the service by role?
Why not use certificates and map the cert to a Windows user in AD - then you have a construct that is standard HTTP that can be mapped to a Windows account automatically, which allows you to use Windows authorization.
If you will not use any form of HTTP authentication then you can send the credentials as items in the message, use SSPI to verify the username and password, then look in AD for the groups and wire up your own IPrincipal, which will allow you to do PrincipalPermission checks for roles. If you go this route (which I wouldn't recommend) then please please use SSL - otherwise your system is horribly insecure.
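A sketch of the second route described in the answer above, added here as an example and not code from the original posts. It assumes the Win32 `LogonUser` call as the credential check (the answer only says SSPI), .NET Framework 4.6 or later, and hypothetical names `IDocumentService`, `DocumentService` and the placeholder group `EXAMPLE\DocSubmitters`.

```csharp
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;
using System.Threading;
using System.Xml;
using Microsoft.Win32.SafeHandles;

[ServiceContract]
public interface IDocumentService   // hypothetical contract; host it on an HTTPS-only binding,
{                                    // e.g. new BasicHttpBinding(BasicHttpSecurityMode.Transport)
    [OperationContract]
    void Submit(string domain, string user, string password, XmlElement document);
}

public class DocumentService : IDocumentService
{
    const string RequiredGroup = @"EXAMPLE\DocSubmitters";   // placeholder AD group

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    public void Submit(string domain, string user, string password, XmlElement document)
    {
        IPrincipal previous = Thread.CurrentPrincipal;
        try
        {
            SafeAccessTokenHandle token;
            // 3 = LOGON32_LOGON_NETWORK, 0 = LOGON32_PROVIDER_DEFAULT
            if (!LogonUser(user, domain, password, 3, 0, out token))
                throw new SecurityException("logon failed");
            using (token)
            {
                // WindowsIdentity duplicates the token; its AD groups back IsInRole().
                Thread.CurrentPrincipal = new WindowsPrincipal(
                    new WindowsIdentity(token.DangerousGetHandle()));
            }
            // Imperative role check; document handling would follow this line.
            new PrincipalPermission(null, RequiredGroup).Demand();
        }
        catch (SecurityException)
        {
            // Same fault for a bad password and a missing role: no hint to the caller.
            throw new FaultException("Access denied");
        }
        finally { Thread.CurrentPrincipal = previous; }   // do not leak identity to pooled threads
    }
}
```

The demand is imperative because a declarative `[PrincipalPermission]` attribute is evaluated before the method body runs, which is before the principal built from the message credentials exists.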