What is the best authentication method through WCF?

Question

What is the best authentication method through WCF?

What is the best way to implement WCF authentication?

I would prefer not to use WS- *, as it should be independent of transport.

Should I "roll my own"? Are there any recommendations for this (articles / blog posts)?
Or is there a way (and should I) use the server side built-in ASP.NET Membership and Profile Provider?

+3

authentication .net asp.net wcf membership

tgmdbm Aug 19 '08 at 10:26

source share

5 answers

nedruod · Answer 1 · 2008-09-10T04:53:34+0000

WS-Security based message authentication is what you are looking for and is definitely supported by basicHttpBinding and netTcpBinding. I think you mistakenly believe that only WsHttpBinding will support WS-Security, which is inaccurate.

WS binding for WS- * items other than WS-Security, such as WS-ReliableMessaging. Configuring message-free transport security will still be difficult if you want it to remain secure. For transports that are not duplex, you must have at least one certificate exchanged in advance.

, , basicHttpBinding. basicHttpBinding UserName ( - ). , , .

, , , , - , () () . , , . , , .

samjudson · Answer 2 · 2008-08-20T07:58:25+0000

WS- * ?

WS- * , , , .

DavidWhitney · Answer 3 · 2008-08-20T08:45:12+0000

WS- * . .

, . , , , .

API WS- * , ( , GUID , ).

tgmdbm · Answer 4 · 2008-08-20T13:15:14+0000

.

, . , , , . basicHttpBinding netTcpBinding, , WS- * - .

Davids - , . , .

Scott P · Answer 5 · 2009-08-03T15:06:51+0000

If you are breaking an external service that requires user level authentication / authorization, I would recommend using an ASP.NET provider.

Here's a useful utility here that allows you to remotely administer an ASP.NET provider. ASP.NET solution requires SQL ...

What is the best authentication method through WCF?

More articles: