I have WPF client consuming WCF service hosted in IIS. For authentication I am thinking of either certificate or user name authentication. Client calls couple of methods in WCF and passes some message.
MessageHeader header = MessageHeader. CreateHeader("Authorization", "", "Basic Y19udGk6Q29udGlfQjNTVA=="); request. Headers. Add(header);
This is the recommended default behavior - each call to the WCF service gets a new instance of the service, and each call is authenticated and authorized.
Just make sure not to enable things like session mode in WCF, and don't go down the path of a WCF singleton.
Just keep a regular, standard "per-call" WCF service - no issue there.
If you're on a corporate LAN, you could also think about using Windows credentials for authentication (which is the default for wsHttpBinding
and netTcpBinding
).
There's a really extensive WCF Security Guide which has tons of samples and how-to guides on how to set up certain scenarios of WCF security.
I would also recommend you check out The Fundamentals of WCF Security for a great intro to WCF and its security mechanisms.
A bit more advanced is the idea of Declarate WCF Security in which Juval Lowy introduces five security scenarios (that's a very worthy read!) and encapsulates them into security attributes to be applied to your service contract(s).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With