
How to Authenticate and Authorize every WCF call?

I have a WPF client consuming a WCF service hosted in IIS. For authentication I am thinking of either certificate or user name authentication. The client calls a couple of methods in WCF and passes some message.

  1. For every call that comes to WCF, I want to authenticate the user.
  2. To place the message in the db, I have to know who the caller is, what their username is, and a few other properties about the user. How do I pass this info (maybe a small object) on every call?
asked Feb 17 '11 17:02

iraSenthil


1 Answer

This is the recommended default behavior - each call to the WCF service gets a new instance of the service, and each call is authenticated and authorized.

Just make sure not to enable things like session mode in WCF, and don't go down the path of a WCF singleton.

Just keep a regular, standard "per-call" WCF service - no issue there.

If you're on a corporate LAN, you could also think about using Windows credentials for authentication (which is the default for wsHttpBinding and netTcpBinding).

There's a really extensive WCF Security Guide which has tons of samples and how-to guides on how to set up certain scenarios of WCF security.

I would also recommend you check out The Fundamentals of WCF Security for a great intro to WCF and its security mechanisms.

A bit more advanced is the idea of Declarative WCF Security in which Juval Lowy introduces five security scenarios (that's a very worthy read!) and encapsulates them into security attributes to be applied to your service contract(s).

answered Oct 26 '22 20:10

marc_s
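
An added example, not part of the original question or answer: a per-call service that reads the caller's identity from the security context WCF builds for each request and looks up the caller's other properties on the server, rather than accepting them from the client. It assumes the binding is already configured for user name, certificate or Windows credentials; `IMessageService`, `MessageService`, `Departments` and `SaveMessage` are hypothetical names, and the user data is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;

[ServiceContract]
public interface IMessageService
{
    [OperationContract]
    void Submit(string message);
}

// PerCall: WCF creates a fresh service instance for every request,
// so no caller state is shared between calls.
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
public class MessageService : IMessageService
{
    // Constructed sample data standing in for a real user store.
    private static readonly Dictionary<string, string> Departments =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", "Billing" },
            { "bob", "Support" }
        };

    public void Submit(string message)
    {
        // Identity established by the binding's security for this call.
        // Its format depends on the credential type (for example
        // DOMAIN\user with Windows credentials).
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
            throw new FaultException("Caller is not authenticated.");

        string caller = ctx.PrimaryIdentity.Name;

        // Authorization and extra user properties are resolved server-side,
        // keyed by the authenticated name, never taken from message content.
        string department;
        if (!Departments.TryGetValue(caller, out department))
            throw new FaultException("Caller is not authorized to submit messages.");

        SaveMessage(caller, department, message);
    }

    // Placeholder for the database write described in the question.
    private static void SaveMessage(string caller, string department, string message)
    {
        Console.WriteLine("[{0}/{1}] {2}", caller, department, message);
    }
}
```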