wcf asp.net-membership forms-authentication restful-authentication webhttp

wcf webhttp authentication


I am working with WCF Webhttp services. I have created a bunch of services and all that remains is to put in user authentication...

Questions

Any literature on handling authentication in WCF webhttp services would be greatly helpful.

Many thanks


Solution

  • You can check Chapter 8 of the RESTful .NET book (Amazon, Google Books).

    You will authenticate only the first call from the user; any subsequent calls will use the context of the authenticated user. There are several options for how you can use SSL (TLS), such as always or just when you send the username/password.

    I am not sure where exactly and how you store the authentication token (like in Session or similar type).

    You don't need to use the ASP.NET membership provider; in fact, you may not use any membership provider at all and just use other authentication models. Usually, there will be only one authentication model per service: you get the credentials, check them against persisted storage and, if they are valid, you set the security token, and that token is used for all the next calls for a limited amount of time.
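
The flow described in the answer (check credentials once, then hand out a token that is valid for a limited time) can be sketched as follows. This is an added example, not part of the original answer and not a WCF API: the `SessionToken` class, the 20-minute lifetime and the per-process key are assumptions, and the client is assumed to send the token back on each call (for example in the `Authorization` header) over TLS.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper: a stateless, HMAC-signed token of the form user.expiry.signature
public static class SessionToken
{
    // Assumption: a real service loads the key from protected configuration so that
    // tokens survive restarts and work across servers; here it is random per process.
    private static readonly byte[] Key = NewKey();
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(20);
    private static byte[] NewKey()
    {
        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        return key;
    }
    private static string Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    // Call only after the credentials were checked against the persisted user store.
    public static string Issue(string user, DateTime nowUtc)
    {
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(user))
                         + "." + nowUtc.Add(Lifetime).Ticks;
        return payload + "." + Sign(payload);
    }

    // Returns the user name, or null if the token is malformed, forged or expired.
    public static string Validate(string token, DateTime nowUtc)
    {
        string[] p = (token ?? "").Split('.');
        long expires;
        if (p.Length != 3 || !long.TryParse(p[1], out expires)) return null;
        if (!FixedTimeEquals(Sign(p[0] + "." + p[1]), p[2])) return null; // signature first
        if (nowUtc.Ticks > expires) return null;                          // then expiry
        try { return Encoding.UTF8.GetString(Convert.FromBase64String(p[0])); }
        catch (FormatException) { return null; }
    }
    // Compare signatures without exiting early on the first differing character.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Each service operation would call `SessionToken.Validate(token, DateTime.UtcNow)` before doing any work and reject the request when it returns null.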