Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

WCF how to pass token for authentication?

I have a WCF service which would like to support basicHttpBinding and webHttpBinding. When the client successfully login, server will generate a token for client to pass to server on all the request make later. Question is how the client can pass the token to server? I don't want to add an extra parameter on every web method to hold the token.

like image 599
Kevin Avatar asked Apr 09 '10 04:04

Kevin


People also ask

How can I add authorization header to the request in WCF?

MessageHeader header = MessageHeader. CreateHeader("Authorization", "", "Basic Y19udGk6Q29udGlfQjNTVA=="); request. Headers. Add(header);

How token-based authentication works C#?

Token-based authentication is a process where the client application first sends a request to Authentication server with a valid credentials. The Authentication server sends an Access token to the client as a response. This token contains enough data to identify a particular user and it has an expiry time.


1 Answers

Typically, the best way to do something like this is passing such "meta-information" in a WCF header. You can easily create a message inspector to extend WCF (it's really not that scary and hard to do!) which would inject the token into every outgoing request from the client, and retrieve it from the header and validate it on the server side.

There are a number of pretty good blog post out there showing you how to create a message inspector:

  • Richard Hallgren's WCF postings
  • Writing a WCF message inspector
  • Automatic Culture Flowing with WCF by using Custom Behaviour

Check out the two relevant interfaces to implement:

  • IClientMessageInspector on the client side, which has a BeforeSendRequest and AfterReceiveReply message to implement
  • IDispatchMessageInspector on the server side, which has a AfterReceiveRequest and BeforeSendReply method to implement
like image 124
marc_s Avatar answered Nov 05 '22 05:11

marc_s