WCF Data Service Authentication

- Can I protect the WCF data service with certificate-based authentication?

- Is there a resource that describes this process?

- Can we use message protection using the WCF data service?

+4
2 answers

The answer to all your questions is yes. Below is a very informative link provided by the Microsoft patterns & practices team to accomplish exactly what you are looking for.

http://msdn.microsoft.com/en-us/library/cc949005.aspx

+3

Certificate-based authentication can be performed as follows:

Server side:

    using System;
    using System.Data.Services;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Principal;
    using System.Threading;
    using System.Web;

    public class ODataService : DataService<Database>
    {
        public ODataService()
        {
            // Runs for every request before the data service starts processing it.
            ProcessingPipeline.ProcessingRequest += ProcessingPipeline_ProcessingRequest;
        }

        void ProcessingPipeline_ProcessingRequest(object sender, DataServiceProcessingPipelineEventArgs e)
        {
            // IIS exposes the client certificate negotiated during the TLS handshake, if there was one.
            if (!HttpContext.Current.Request.ClientCertificate.IsPresent)
            {
                throw new DataServiceException(401, "401 Unauthorized");
            }

            var cert = new X509Certificate2(HttpContext.Current.Request.ClientCertificate.Certificate);
            if (!ValidateCertificate(cert))
            {
                throw new DataServiceException(401, "401 Unauthorized");
            }

            // Make the authenticated caller visible to the rest of the pipeline (e.g. query interceptors).
            var identity = new GenericIdentity(cert.Subject, "ClientCertificate");
            var principal = new GenericPrincipal(identity, null);
            Thread.CurrentPrincipal = principal;
            HttpContext.Current.User = principal;
        }

        private bool ValidateCertificate(X509Certificate2 cert)
        {
            // do some validation
            // The answer leaves the policy (issuer, chain, revocation, allow-list) to the reader.
            // Until it is implemented this fails closed, so no unvalidated certificate is accepted.
            return false;
        }
    }

Client side:

Create a partial class to reference the database service (DataServiceContext)

    using System.Data.Services.Client;
    using System.Net;
    using System.Security.Cryptography.X509Certificates;

    // Extends the generated DataServiceContext subclass ("Database") from the service reference.
    public partial class Database
    {
        // ref: http://social.msdn.microsoft.com/Forums/en-US/0aa2a875-fd59-4f3e-a459-9f604b374749/how-do-i-use-certificate-based-authentication-with-data-services-client?forum=adodotnetdataservices
        private X509Certificate clientCertificate = null;

        public X509Certificate ClientCertificate
        {
            get { return clientCertificate; }
            set
            {
                if (value == null)
                {
                    // if the event has been hooked up before, we should remove it
                    if (clientCertificate != null)
                    {
                        SendingRequest -= OnSendingRequest_AddCertificate;
                    }
                }
                else
                {
                    // hook up the event if it's being set to something non-null
                    if (clientCertificate == null)
                    {
                        SendingRequest += OnSendingRequest_AddCertificate;
                    }
                }
                clientCertificate = value;
            }
        }

        private void OnSendingRequest_AddCertificate(object sender, SendingRequestEventArgs args)
        {
            // Attach the certificate to every outgoing request so IIS can negotiate it during the TLS handshake.
            var request = args.Request as HttpWebRequest;
            if (request != null && ClientCertificate != null)
            {
                request.ClientCertificates.Add(ClientCertificate);
            }
        }
    }

Use it like this:

    // CertificateUtil is the answer author's own helper (not shown on the page); it looks the
    // certificate up by thumbprint in the given certificate store.
    Database db = new Database(new Uri(service));
    db.ClientCertificate = CertificateUtil.GetCertificateByThumbprint(StoreName.My, StoreLocation.LocalMachine, "<a thumbprint>");

The private key is stored on the client computer; the public key (certificate) is stored on the server under Local Computer / Trusted Root Certification Authorities.

Remember to require / negotiate a client certificate for this site in IIS.

(Tested on WCF Data Services 5.2, VS 2012)

+2
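A concrete policy for the `ValidateCertificate` stub in the answer above, as an added example (not the answer author's code): it validates the chain against the server's trust store, which is where the answer says to install the CA, checks revocation, enforces the client-authentication EKU, and additionally pins the chain to one expected issuing CA so that any other CA trusted by the machine is still refused. The class name, the `reason` out-parameter and the `TrustedIssuerThumbprint` placeholder are assumptions; the handler in the answer can log `reason` before throwing its 401.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertificatePolicy
{
    // Placeholder: thumbprint of the CA (root or intermediate) that issues your client certificates.
    private const string TrustedIssuerThumbprint = "<issuing CA thumbprint>";

    // "Client Authentication" extended key usage; server or code-signing certs from the same CA are refused.
    private static readonly Oid ClientAuthEku = new Oid("1.3.6.1.5.5.7.3.2");

    // Returns true when the certificate is acceptable; 'reason' is intended for the server's 401 log line.
    public static bool Validate(X509Certificate2 cert, out string reason)
    {
        if (cert == null)
        {
            reason = "no client certificate presented";
            return false;
        }

        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;        // consult CRL/OCSP
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;   // every element, not just the leaf
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;  // no exemptions (time, name, etc.)
        chain.ChainPolicy.ApplicationPolicy.Add(ClientAuthEku);              // enforce the EKU

        // Build() also checks validity dates, signatures and that the chain ends at a root the machine trusts.
        if (!chain.Build(cert))
        {
            reason = string.Join("; ", chain.ChainStatus.Select(s => s.StatusInformation.Trim()));
            return false;
        }

        // Pin the issuer: some element of the verified chain must be the CA we actually expect.
        bool pinned = chain.ChainElements.Cast<X509ChainElement>().Any(e =>
            string.Equals(e.Certificate.Thumbprint, TrustedIssuerThumbprint, StringComparison.OrdinalIgnoreCase));
        if (!pinned)
        {
            reason = "chain is trusted by the machine but not issued by the pinned CA: " + cert.Issuer;
            return false;
        }

        reason = "ok";
        return true;
    }
}
```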

Source: https://habr.com/ru/post/1346818/
