Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to put a password on a WCF Service?

I'm working on a WCF Service that is called by our other softwars to send bug information to our database. The problem is that, since it is an online service, it isn't safe, so I was wondering if it's possible to the service to request a password (i.e. when we call the service, we have to configure the password or something like that).

I googled about it, but it all seemed so complex for such a simple thing ... can you guys help me out?

Edit:

The idea is to authenticate through my software, without the need of a user login.

like image 243
Bruno Machado - vargero Avatar asked Mar 03 '11 21:03

Bruno Machado - vargero


People also ask

How to authenticate WCF service using username and password?

To configure a service to authenticate its clients using Windows Domain username and passwords use the WSHttpBinding and set its Security. Mode property to Message . In addition you must specify an X509 certificate that will be used to encrypt the username and password as they are sent from the client to the service.

How can I pass a username password in the header to a soap WCF service?

UserName. Password = "testPass"; In this way you can pass username, password in the header to a SOAP WCF Service.

Can we call WCF service from Javascript?

Whenever you need to consume a WCF web service from a web page, you have (at least) three options: Have the ASP.NET ScriptManager generate a strongly-typed JavaScript proxy to the service that you can call directly (you even get Visual Studio intellisense!)


2 Answers

You can use the ASP.NET Membership provider to authenicate clients. There is an article on MSDN describing how to achieve that.

like image 22
Fredrik Mörk Avatar answered Oct 16 '22 05:10

Fredrik Mörk


Another option is to implement your own security. Here's a basic example.

WCF Service

In your service, change it's ServiceBehavior's InstanceContextMode to PerSession and ConcurrencyMode to Single

[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession, ConcurrencyMode = ConcurrencyMode.Single)]
public class SomeService : ISomeService
{ 
    // ...
}

Add a Username and Password property in your service.

public string UserName { [OperationContract] get; [OperationContract] set; }
public string Password { [OperationContract] get; [OperationContract] set; }

Add a private method for checking a security.

public void CheckSecurity()
{
    if ((this.UserName == null || this.Password == null) ||
        this.UserName == "username" && this.Password == "password"))
    {
        throw new FaultException("Unknown username or incorrect password.");
    }
}

Then call the CheckSecurity method in each of your service class constructor method.

public SomeServiceMethod1()
{
    this.CheckSecurity();

    // some method codes
}

Client Application

In your client application code, set the service username and password for every instance, or create a static class that will do this for you.

You might also try to use encryption in the username and password to add security.

Note that this is just to add another option for you that might fit your needs but you should always try to use the Microsoft way of doing things.

like image 160
John Isaiah Carmona Avatar answered Oct 16 '22 06:10

John Isaiah Carmona