All geek questions in one place

Wcf webhttp authentication

I work with WCF Webhttp services. I created many services, and all that remains is to enter user authentication ...

Questions

  • Keeping the rest architecture style, should I authenticate every service call against the db user. If this is the case, I should simply authenticate by providing the credentials and password each time the service is called and protects it using SSL. Basically, every webget / webinvoke function should contain user credentials as parameters, and I will authenticate every call. It is right? It seems rather inefficient.

  • Using the session key somehow seems wrong, but any pointers to using the session in the WCF website?

  • I do not work with ASP.net membership (I will study it soon), since I worked with Mysql and created my own registration / user database. Should I look at that? Can I use wcf authentication service with wcf web services?

Any literature on handling authentication in WCF web services will be very helpful.

Thank you very much

+4
source share
1 answer

You can check out Chapter 8 of RESTful.NET ( Amazon , Google books )

You will only authenticate the first call from the user, any subsequent calls will use the context of the authenticated user. There are several options for using SSL (TLS), as always or simply when sending a username / password.

I am not sure exactly where and how you store the authentication token (for example, in a session or similar type).

You do not need to use the ASP.NET membership provider, in fact you cannot use any member provider at all, just use other authentication models. Typically, there will only be one authentication model per service, for example, you get credentials, check them for permanent storage, if in reality you set a security token, and this token is used for all of the following calls for a limited time.

0
source

Source: https://habr.com/ru/post/1332670/

More articles:


All Articles