I like to use wcf (windows communication foundation) with windows authentication.
Do I need Active directory for this purpose? How the server knows about the identity of the client?
If someone can found out the pass of the client that is using the wcf services, can he create the same user name on diff开发者_开发百科erent computer and use the password to access the wcf services ?
Yes, if you want to use Windows authentication, you need Active Directory as the source where the user gets validated.
The way this happens is by means of a user "token" - when your client logs into his PC with his Windows credentials, the login process will check with AD whether the user is legit and issue a "token". This token is then used in calls to a WCF service to determine who it is that is calling the service.
精彩评论