Reputation: 34198
Best guidance for One time user authentication & wcf service
i am new in wcf service and i have seen people always send user credential when they made any function call of wcf service like the below way.
private static void Main(string[] args)
{
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(
delegate { return true; });
var client = new WcfServiceClient();
client.ClientCredentials.UserName.UserName = username;
client.ClientCredentials.UserName.Password = password;
Console.Write(client.GetData(1));
client.Close();
Console.Read();
}
i want that i will pass user credential once and after authentication user can call any service function many time without credentials. so guide me how to design that kind of service. looking for small sample code which help me to learn & implement. thanks
Upvotes: 1
Views: 305
Answers (1)
Reputation: 31770
You would need to enable sessions on your service and then your client can establish a session with the service. This can only happen while the same channel is used to communicate with the service.
In your above code, for example, the session would be terminated when you called Close().
In order for you to establish a security context once and then re-use it you need to establish a secure session, which means that a security token is retrieved once and then used repeatedly for subsequent operation calls.
However this is only available for certain bindings, and does not work with basicHttpBinding.
UPDATE
The second link I posted outlines two different ways to expose a service with secure session. Unfortunately client code is not included in the article.
The client code can be either generated using svcutil.exe (or Add Service Reference in VS), or you can use the WCF Channel stack to create a client on on the fly using the assembly containing the service operation and data contract definitions.
If you configure secure session in the <system.servicemodel/> configuration section using one of the standard WCF bindings, the binding configuration can be copied and pasted into the client config and this is all that is necessary for the client to use secure sessions.
So the WCF stack handles this for you. Hope this is clear.
Upvotes: 1
Related Questions
- What is considered "best practice" for user authentication/authorization for WPF and WCF applications?
- Need guide line for a vital WCF service design for our organization
- Best authentication/security strategy for WCF service with multiple clients
- WCF Web Service authentication - recommend method?
- WCF User Authentication Best Practices
- What is the best way to implement authentication in a WCF service on an enterprise architecture?
- What is the best way to authenticated users with WCF by username and password
- WCF Authentication Strategies
- Best practice authentication when working with WCF web services
- What is the best suited authentication technique for this scenario?