AuthorizeAttribute in WCF as MVC's

Question

I'm new to WCF (Most of my time, I worked with ASP.NET Web API & MVC).

I wonder there is any AuthorizeAttribute in WCF or not (custom implementation is ok) .

For example:

+) In Web API, I have these steps :

-) Call [POST] api/login with email & password to login

-) Store email & password in front-end site, each time front-end sends a request, they have to include email & password in header for authentication.

-) In back-end, AuthorizeAttribute reads email & password of request header, do validation then authenticate the request as it is valid.

My question is: Can my WCF application have an Attribute to do the same work as the API does ?

Thank you

Answer 1

You could implement your custom UserNamePasswordValidator:

public class MyValidator : UserNamePasswordValidator
{
    public override void Validate(string user, string password)
    {
        // Do your validation logic.
        // In case of unauthorized access throw appropriate exception.
    }
}

And configure service behavior to use it:

<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="behavior_name">
                <serviceCredentials>
                    <userNameAuthentication userNamePasswordValidationMode="Custom"
                        customUserNamePasswordValidatorType="SomeNamespace.MyValidator, AssemblyName" />
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

Also it is not a good idea to store password. Would be better to generate an auth token by this login & password, and use that token.