Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

WCF dataservice security in a WPF application

I'm working on a solution where I have a WPF project that is using a WCF DataService which is located in another ASP .NET project to access the data.
I need to provide a level of security which ensures that only authenticated users can access the service. Having surfed the net I've broken my head trying to accomplish that. What is the proper way to implement that?

like image 437
OneMoreVladimir Avatar asked Nov 05 '22 11:11

OneMoreVladimir


1 Answers

I did this in the past where the WCF's Login method would create a user object, assign the user object a Token (in my case, it was a GUID), and store it internally on the WCF server in an AuthenticatedUsers list.

Any other WCF call required the token as a parameter. It would check if a user existed in the AuthenticatedUsers list with that token, and would return an error if the no User with that token existed. An added benefit is I would always know who made the WCF call without needing them to pass in a User Id.

I also stored a LastActivity DateTime with the User objects on the server. Each WCF call would refresh this value, and providing the AuthenticatedUsers list on the WCF server had at least one value, a Timer ran on the server which would check the AuthenticatedUsers LastActivity value and delete the user if they had been inactive for over 20 minutes.

like image 56
Rachel Avatar answered Nov 10 '22 16:11

Rachel