WCF and Authentication

Question

i need to pass a value from client everytime a request sent to WCF and check that value on server and decide to make the request or not, can any one write an example of that ?im not sure how is that is going be implemented

case: im generating a key based on the hardware of the client and i want to send that key to the server with every request to check if the key is accepted in the server db and then decide to process the request or not.

thanks in advance.

Answer 1

You are looking for message inspector. Check this article.

Edit:

Mentioned approach is the easiest one in your case. You will create client message inspector to add custom header and dispatch message inspector to extract header and validate key. If the key is not valid you will throw an exception.

The clean solution is to create custom token and cutom credentials but it is really complex so unless you want to dive deeply into WCF security implementation use message inspectors.

Answer 2

I've implemented something like this to deal with some particularly "custom" authentication where methods are allowed or denied based on database state. It uses PerSession implementation, which allows you to avoid passing that key every time, since you can maintain the proxy for the duration of execution. It also provides some performance benefits by eliminating the overhead of instantiating the proxy repeatedly (may not be an issue depending on your design).

1. Implement your service with an InstanceContextMode of "PerSession" [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession)]
2. Provide an initialization method in your service which accepts the key, and keeps a reference to it.
3. In your service's methods, check that key, other conditions, etc. to determine what you need to do.
4. Now when you instantiate the client proxy, call that initialization method first passing the key, and from that point forward you can proceed to make calls without it.