
How to authenticate and keep track of users with WCF/JSON?

I'm implementing a service in WCF and need to have custom user authentication, by means of a username/password. This service is configured as a WebScript(JSON) service.

I would like to know if it's possible to obtain a security context so I don't have to include a hash or user/pass in every call. I know I can use a certificate for this, but I need to have the user/pass mechanism of authenticating.

I'm going to be talking to this service using AJAX(jQuery), and it should be possible to use basic HTTP authentication.

This service will later on also expose other endpoints, for example over TCP, and this does support "proper" authentication.

There are so many ways to go for security in WCF, I feel kind of lost, and it feels like the more I read about it the less I know.

Robert Massa asked Dec 23 '09 10:12


1 Answer

In addition to using HTTPS, I would recommend taking a look at this article on building REST services with WCF. There is a section on using HMAC that has some good ideas. Depending on your scenario, you may also want to consider offloading auth to another provider (OpenId implementor) and just maintain a profile on your side sans password.

Adam Fyles answered Nov 15 '22 06:11
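A sketch of the HMAC approach the answer points to, added here as an illustration; it is not code from the linked article or from either poster. It assumes the password is sent once over HTTPS at login, the service then issues a session id and a random per-session key, and every later call is signed with that key. The header names, the five-minute freshness window and the session store are assumptions.

```javascript
// Added example: per-request HMAC signing after a one-time password login.
const crypto = require('crypto');

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed freshness window

// Canonical string covered by the signature; both sides must build it identically.
function canonical(method, path, timestamp, body) {
  const bodyHash = crypto.createHash('sha256').update(body).digest('hex');
  return [method.toUpperCase(), path, String(timestamp), bodyHash].join('\n');
}

// Client side: sign with the per-session key issued at login (never the password).
function signRequest(session, method, path, body, now = Date.now()) {
  const mac = crypto.createHmac('sha256', session.key)
    .update(canonical(method, path, now, body)).digest('hex');
  return { method, path, body, headers: {
    'X-Session-Id': session.id, 'X-Timestamp': String(now), 'X-Signature': mac } };
}

// Server side: look up the session key, check freshness, compare in constant time.
function verifyRequest(sessions, req, now = Date.now()) {
  const session = sessions.get(req.headers['X-Session-Id']);
  if (!session) return null;
  const rawTs = req.headers['X-Timestamp'];
  const ts = Number(rawTs);
  if (!Number.isFinite(ts) || Math.abs(now - ts) > MAX_SKEW_MS) return null;
  const expected = crypto.createHmac('sha256', session.key)
    .update(canonical(req.method, req.path, rawTs, req.body)).digest();
  const given = Buffer.from(String(req.headers['X-Signature'] || ''), 'hex');
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? session.user : null;
}

// Constructed sample data: one session created after a successful login over HTTPS.
function demoSessions() {
  const key = crypto.randomBytes(32);
  const sessions = new Map([['s-1', { id: 's-1', user: 'alice', key }]]);
  return { sessions, session: sessions.get('s-1') };
}
```

The timestamp check only narrows the replay window; a service that must reject replays inside that window also needs to remember recently seen signatures or use a per-request nonce.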