I am working on creating a WCF RESTful service that will be protected by passing external authentication tokens in HTTP headers. So the sequence looks like this:
- Client: get authentication token from authentication server
- Client: construct REST host authentication token in a custom HTTP header
- Client: run the command
- REST server: check for authentication token
- REST server: request authentication server to check token and get user context
- REST server: user authorization
- REST server: performing a service action
So my question is: what is the best way to do this in WCF / .NET? I could of course handle authentication / authorization in my REST method, i.e.
```csharp
public void DoSomething(string input)
{
    if (Authed())
    {
        // ...Do DoSomething...
    }
    else
    {
        throw new FaultException<MyFault>(new MyFault("Not today, thanks"));
    }
}

public bool Authed()
{
    string rawUserAuthToken = WebOperationContext.Current.IncomingRequest.Headers["MyCustomHttpHeader"];
    bool result = false; // deny unless the token is verified
    // ...Do the magic needed to verify and Authorise the incoming token (sets result)...
    return result;
}
```
, , WCF . Googling, SecurityTokenAuthenticator, , , .
https://msdn.microsoft.com/en-us/library/system.identitymodel.selectors.securitytokenauthenticator(v=vs.110).aspx
, ?
EDIT: , / , , ,
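The server-side steps of the sequence in the question can be performed once, outside the REST methods, in a `ServiceAuthorizationManager`. This is an added example, not code from the original post. `ITokenValidator` (a stand-in for the call to the authentication server) and the `AuthenticatedUser` property key are hypothetical names.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Hypothetical wrapper around the external authentication server (assumption).
public interface ITokenValidator
{
    // Returns the user name for a valid token, or null when the token is rejected.
    string Validate(string rawToken);
}

public class HeaderTokenAuthorizationManager : ServiceAuthorizationManager
{
    private const string HeaderName = "MyCustomHttpHeader"; // header name from the question
    public const string UserProperty = "AuthenticatedUser"; // hypothetical property key
    private readonly ITokenValidator _validator;

    public HeaderTokenAuthorizationManager(ITokenValidator validator)
    {
        if (validator == null) throw new ArgumentNullException("validator");
        _validator = validator;
    }

    // WCF calls this for every request before the operation is dispatched.
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        object prop;
        if (!operationContext.IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name, out prop))
            return false; // not an HTTP request: deny

        string rawToken = ((HttpRequestMessageProperty)prop).Headers[HeaderName];
        if (string.IsNullOrWhiteSpace(rawToken))
            return false; // header missing or empty: deny

        string user;
        try { user = _validator.Validate(rawToken); }
        catch (Exception) { return false; } // auth server error: fail closed
        if (user == null)
            return false; // token rejected by the authentication server

        // Hand the user context to the operation via the message properties.
        operationContext.IncomingMessageProperties[UserProperty] = user;
        return true;
    }
}

// Registration in a self-hosted service, before host.Open():
//   host.Authorization.ServiceAuthorizationManager =
//       new HeaderTokenAuthorizationManager(validator);
```

Every path that does not end in a verified token returns `false`, so an unreachable authentication server denies the request rather than letting it through.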