Is WIF a great option for securing WCF 4.0 with iPhone

I have a project that is supposed to provide WCF support to an iPhone / iPad client. WCF worked, now I need to protect it with a username and password.

For some reason, I'm a little reluctant to go with CustomBasicAuth.

OAuth is also not ideal in the WCF world, you need to create a wrapper to get around it. Please correct me if I am wrong.

Now I'm looking at the Windows Identity Foundation. Honestly, this looks reasonable, but without documentation.

2 things to consider:

  • The implementation should be usable from iPhone (not just in the .NET world)

  • The implementation should be easily deployed in the cloud (Azure)

I would like to know which option you choose, and what is the reason for choosing it. Any links will be appreciated.

+6
iphone restful-authentication wif wcf sts-securitytokenservice
4 answers

You might want to try this basic authentication procedure for WCF REST, http://weblogs.asp.net/cibrax/archive/2009/03/20/custom-basic-authentication-for-restful-services.aspx

According to your requirements, basic authentication should be sufficient for what you need. WIF will add some noise to the mix.

Thanks Pablo.

+1

Windows Identity Foundation - WIF, uses SAML 2.0 applications.

Thus, it is well suited for both cross platform and cloud.

Here is a link to the WIF documentation: http://msdn.microsoft.com/en-us/security/aa570351

Note that WIF is also used for Windows Azure Access Control Services.

0

I use WIF in a custom STS in Azure for one of our sites. I think that my only concern will be whether the agent, in this case iPhone / iPad, can handle the size of cookies generated by WIF, as they can be quite large. We were bombarded with exceptions related to the fact that the requirement does not work in certain browsers due to cookie size limitations. Of course, I do not know if these restrictions exist for the platforms you use.

0

Check out this nice CodeProject article:

http://www.codeproject.com/Articles/149738/Basic-Authentication-on-a-WCF-REST-Service

I am also studying this problem, so I'm not sure if this is a complete approach, but still worth reading.

I would add the following architectural problem to your question:

What to do if you want to support both active (WCF) and passive (check web browser) in the same system? I'm still not sure about that.

0