I'm working on a solution where I have a WPF project that is using a WCF DataService, which is located in another ASP.NET project, to access the data.
I need to provide a level of security which ensures that only authenticated users can access the service. Having surfed the net I've broken my head trying to accomplish that. What is the proper way to implement that?
I did this in the past where the WCF's Login method would create a user object, assign the user object a Token (in my case, it was a GUID), and store it internally on the WCF server in an AuthenticatedUsers list.
Any other WCF call required the token as a parameter. It would check if a user existed in the AuthenticatedUsers list with that token, and would return an error if no User with that token existed. An added benefit is I would always know who made the WCF call without needing them to pass in a User Id.
I also stored a LastActivity DateTime with the User objects on the server. Each WCF call would refresh this value, and providing the AuthenticatedUsers list on the WCF server had at least one value, a Timer ran on the server which would check the AuthenticatedUsers LastActivity value and delete the user if they had been inactive for over 20 minutes.
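A sketch of the token store this answer describes, added here as an example and not the answerer's code: Login issues a token, every other call validates it and refreshes LastActivity, and a timer evicts sessions idle for more than 20 minutes. All class and member names are hypothetical, and the token is 32 bytes from a cryptographic random number generator rather than the GUID the answer used, because GUIDs are not designed to be unpredictable secrets.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Threading;

// Hypothetical names throughout. Each service operation calls Validate(token) first.
public sealed class AuthenticatedUsers : IDisposable
{
    private sealed class Session { public string UserName; public long LastActivityTicks; }

    private static readonly TimeSpan IdleLimit = TimeSpan.FromMinutes(20);
    private readonly ConcurrentDictionary<string, Session> _sessions =
        new ConcurrentDictionary<string, Session>();
    private readonly Timer _sweeper;

    public AuthenticatedUsers() =>   // sweep for idle sessions once a minute
        _sweeper = new Timer(_ => Sweep(DateTime.UtcNow), null, TimeSpan.FromMinutes(1), TimeSpan.FromMinutes(1));

    // Call only after the caller's credentials have been verified.
    public string Login(string userName)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string token = Convert.ToBase64String(bytes);
        _sessions[token] = new Session { UserName = userName, LastActivityTicks = DateTime.UtcNow.Ticks };
        return token;
    }

    // Returns the user name for a live token and refreshes LastActivity; null otherwise.
    public string Validate(string token)
    {
        if (token == null || !_sessions.TryGetValue(token, out var s)) return null;
        long now = DateTime.UtcNow.Ticks;
        // A session can pass the idle limit between two sweeps, so check here as well.
        if (now - Interlocked.Read(ref s.LastActivityTicks) > IdleLimit.Ticks) { _sessions.TryRemove(token, out _); return null; }
        Interlocked.Exchange(ref s.LastActivityTicks, now);
        return s.UserName;
    }

    // Removes every session whose last activity is older than the idle limit.
    public void Sweep(DateTime nowUtc)
    {
        foreach (var pair in _sessions)
            if (nowUtc.Ticks - Interlocked.Read(ref pair.Value.LastActivityTicks) > IdleLimit.Ticks)
                _sessions.TryRemove(pair.Key, out _);
    }

    public void Dispose() => _sweeper.Dispose();
}
```

The token is a bearer credential, so the service endpoint needs transport security (HTTPS) or anyone who observes a call can replay it until the session expires.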