How to authenticate and authorize every WCF call?

I have a WPF client that uses the WCF service hosted in IIS. For authentication, I mean authentication of a certificate or username. The client calls a couple of methods in WCF and passes some message.

  • For every call that comes in WCF, I want to authenticate the user.
  • In order to post a message in the db, I need to know who the caller is, what his username is, and several other user properties. How do I transfer this information [maybe a small object] for each call?
1 answer

This is the recommended default behavior - each call to the WCF service receives a new instance of the service, and each call is authenticated and authorized.

Just remember to enable things like session mode in WCF, and don't go down the path of a singleton WCF.

Just keep the standard WCF service for every call. No problems.

If you work on a corporate LAN, you might also consider using Windows credentials for authentication (the default values are wsHttpBinding and netTcpBinding).

There is a truly extensive WCF Security Guide, which has many examples and practical guidelines for setting up specific WCF security scenarios.

I also recommend that you familiarize yourself with WCF Security Fundamentals for an excellent introduction to WCF and its security mechanisms.

A slightly more advanced idea is Declarative WCF Security, in which Juval Lowy introduces five security scenarios (this is a very worthy read!) and encapsulates them in the security attributes that will apply to your contracts.

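An added example, not part of the answer above: a per-call service that authorizes every incoming message and takes the caller's name from the WCF security context instead of from a client-supplied parameter. `IMessageService`, `MessageService`, `CallerAuthorizationManager`, the allow-list entries and the in-memory `Saved` store are hypothetical names and constructed data; the binding is assumed to be configured for username or certificate credentials.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.ServiceModel;

[ServiceContract]
public interface IMessageService
{
    [OperationContract]
    void PostMessage(string text);   // note: no "userName" parameter
}

// WCF calls CheckAccessCore for each incoming message, before dispatch.
public class CallerAuthorizationManager : ServiceAuthorizationManager
{
    // Constructed allow-list; a real service would query its user store.
    private static readonly HashSet<string> AllowedCallers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "alice", "bob" };

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        ServiceSecurityContext ctx = operationContext.ServiceSecurityContext;
        // Fail closed: no security context or an anonymous caller is rejected.
        if (ctx == null || ctx.IsAnonymous || !ctx.PrimaryIdentity.IsAuthenticated)
            return false;
        return AllowedCallers.Contains(ctx.PrimaryIdentity.Name);
    }
}

// PerCall: a new service instance per request, no state shared between callers.
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
public class MessageService : IMessageService
{
    // Stand-in for the database table (assumption for this example).
    public static readonly ConcurrentQueue<Tuple<string, string, DateTime>> Saved =
        new ConcurrentQueue<Tuple<string, string, DateTime>>();

    public void PostMessage(string text)
    {
        // Identity established by WCF from the presented credential; the
        // client cannot set it by changing a method argument.
        string caller = ServiceSecurityContext.Current.PrimaryIdentity.Name;
        // Further user properties can be looked up server-side from this name.
        Saved.Enqueue(Tuple.Create(caller, text, DateTime.UtcNow));
    }
}
```

When hosting in IIS, the authorization manager is registered in web.config through the `serviceAuthorizationManagerType` attribute of the `<serviceAuthorization>` service behavior element. With certificate credentials, `PrimaryIdentity.Name` contains the certificate subject and thumbprint, so the allow-list entries must match that form.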