Reputation: 485
WCF Rest Authentication
I need to setup authentication and authorization on my WCF restful web service for the first time. The web service will be using HTTPS protocol. Since the communication is now encrypted, does it really matter what method I use to determine authentication? Could it be as simple as passing username/password in the header?
Upvotes: 1
Views: 152
Answers (1)
Reputation: 7105
It still 'matters' in the sense that the consumer of your API will need to implement whatever Authentication you choose.
That said, Passing username/password in an Authorization header is a standard way of doing things. With Basic Authentication (you should find the option in IIS Authentication options for your service), the passed header looks something like this:
Authorization: Basic username:password
where username:password is base64 encoded.
You'll have to pass this in every call unless you implement some other scheme (perhaps using cookies)
Since you're using HTTPS, all of this will be encrypted.
Upvotes: 2
Related Questions
- WCF security authentication
- Authenticating a WCF web service
- Authentication Service using WCF
- Authentication approaches for WCF REST
- WCF authentication
- WCF/ASP.NET Authentication
- REST WCF Authentication
- WCF REST RequestInterceptor authentication
- WCF REST based services authentication schemes
- WCF Authentication