Thomas

Reputation: 34198

Need guideline for a vital WCF service design for our organization

I am new to WCF, but our organization wants me to develop a single WCF service which will be used by our organization's employees as well as outside customers.

The WCF service will be hosted on a PC in our organization which will be accessible from our organization's LAN as well as over the internet.

Our IT head wants that when our employees use the service they pass their Windows authentication credentials, and when a 3rd party customer accesses it they pass their user name & password, which will be validated against a database.

Now my concern is how to design my service so that it can identify our employees and 3rd party users.

How do I write the authentication code so that when a request comes from our domain I will not validate the user credentials, and when a request comes from a 3rd party the request will be validated against the database?

Just give me a small code snippet which guides me in writing the authentication code. The authentication routine will detect where the request comes from....

Does the request come from our domain or from a 3rd party user? If 3rd party, then validate the user credentials against the database.

UPDATE

@Michal Ciechan: hi, thanks for the reply.

I understood that I have to set up two different bindings. One will be used by our domain users and the other will be used by outside users.

I want to design my service so that it has a validate method which will validate the user against the domain or the database.

The service will accept a user id & password from whoever consumes the service, and the validate method will just have the logic to detect whether the user is from our domain; if yes, it will validate the user against the domain, and if the user is from outside, it will validate the user credentials against the database.

Here I am giving a small service client code sample just to show how people will send credentials to the service:

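private static void Main(string[] args)
{
     // Credentials entered by the caller (taken from the command line here).
     string username = args[0];
     string password = args[1];

     // WcfServiceClient is the generated proxy for the service.
     var client = new WcfServiceClient();
     client.ClientCredentials.UserName.UserName = username;
     client.ClientCredentials.UserName.Password = password;
     if (client.IsValid())
     {
          Console.Write(client.GetData(1));
     }
     client.Close();
     Console.Read();
}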

So now guide me on how to design my service and also the IsValid function, which can detect the user type, i.e. whether the user is from our domain or from outside, and validate accordingly.

My question is how the client code will look in my case: how to pass domain user credentials to the service and how to pass outside user credentials to the service. Please guide me. Thanks.

Upvotes: 0

Views: 56

Answers (1)

Michal Ciechan

Reputation: 13898

Expose different bindings.

For employees, use netTcpBinding.

For clients, use an HTTP-based binding.

You can change security settings on each binding individually.

For custom username + password authentication, you can implement UserNamePasswordValidator.

See How to: Use a Custom User Name and Password Validator

Sample Configuration:

<bindings>
  <!-- Employees: Windows credentials over an encrypted and signed TCP transport -->
  <netTcpBinding>
    <binding name="SecureService_Tcp">
      <!-- … -->
      <security mode="Transport">
        <transport clientCredentialType="Windows"
                   protectionLevel="EncryptAndSign" />
        <message clientCredentialType="Windows" />
      </security>
    </binding>
  </netTcpBinding>
  <!-- Customers: user name + password carried in the message, over HTTPS -->
  <wsHttpBinding>
    <binding name="SecureService_WsHttp">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Upvotes: 1
