I want, without using the WCF / C# built-in components for it:
- RESTful Client Authentication
- Handling authentication errors when calling an API in the client
This is a pedagogical exercise: I understand that there are built-in authentication methods, but I want to do this from scratch in order to understand how it all works.
I have hash and password validation logic and an open REST call that validates the password, but I'm not sure where to go from here.
Background
I am trying to create an authentication method for my REST service.
So far, I have managed to create a password hash and salt, save the salt, and authenticate the user. However, I'm not sure how I should wrap all of my WCF REST requests so that, when one is made (GET, POST), it asks you to log in if your login is missing.
Because I have included my own authentication method, and I'm new to web services and C#, I really don't know where to start.
So, I am going to offer 300 rep to anyone who can offer an approach to this.
The code
This is my REST service:

    [ServiceContract(Namespace = "http://tempuri.org")]
    [XmlSerializerFormat]
    public interface IService
    {
        // .... all of my GET, POST, PUT and DELETE requests
    }

    [DataContract(Name="Student")]
    [Serializable]
    public class Student
    {
        [DataMember(Name = "StudentID")]
        public string StudentID { get; set; }

        [DataMember(Name = "FirstName")]
        public string FirstName { get; set; }

        [DataMember(Name = "LastName")]
        public string LastName { get; set; }

        // Stored password hash and the salt it was computed with
        [DataMember(Name = "Password")]
        public string Password;

        [DataMember(Name = "Salt")]
        public byte[] Salt;
    }
I am also hosting from a console application and I do not have web.config files or app.config files. And since I made my own authentication method, I'm not sure if basic authentication will work.
I also do not want to have a session, in order to keep the service SOA and stateless.
Console Application:

    namespace ConsoleApplication1
    {
        class Program
        {
            static void Main(string[] args)
            {
                string baseAddress = "http://" + Environment.MachineName + ":8000/Service";
                ServiceHost host = new ServiceHost(typeof(Service), new Uri(baseAddress));

                // Note: this binding is configured for transport security but is never
                // passed to the endpoint; AddServiceEndpoint below gets a new default
                // WebHttpBinding, so the service is served over plain HTTP.
                WebHttpBinding binding = new WebHttpBinding();
                binding.Security.Mode = WebHttpSecurityMode.Transport;

                host.AddServiceEndpoint(typeof(IService), new WebHttpBinding(), "").Behaviors.Add(new WebHttpBehavior());
                host.Open();
                Console.WriteLine("Host opened");
                Console.ReadLine();
            }
        }
    }

Please note that on my client side I am doing something very simple for authentication:

    private void Login_Click(object sender, RoutedEventArgs e)
    {
        // Authenticate user (GET request); the user name and password travel in the URL path
        string uri = string.Format("http://localhost:8000/Service/AuthenticateUser/{0}/{1}", textBox1.Text, passwordBox1.Password);
        XDocument xDoc = XDocument.Load(uri);
        string UserAuthenticationID = xDoc.Element("string").Value;

        Int32 value;
        if (Int32.TryParse(UserAuthenticationID, out value))
        {
            // A numeric result is treated as a successful login
            MainWindow authenticatedidentification = new MainWindow();
            authenticatedidentification.SetLabel(UserAuthenticationID);
            authenticatedidentification.Show();
            this.Close();
        }
        else
        {
            // Anything else is shown to the user as the error text
            label1.Content = UserAuthenticationID;
        }
    }

Therefore, I am not sure what else would need to be placed in the main application, if there is anything for the above, so that the main application gets access to these REST requests.
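
One way to carry a single password check over to every later REST call without a server-side session, as an added example (not code from the question): once the existing salted-hash check succeeds, the service returns an HMAC-signed, expiring token, and each operation validates that token instead of the password. `AuthToken`, `Issue`, `TryValidate`, the `|`-separated layout, the user id `42` and the 20-minute lifetime are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper (not from the question): a stateless, HMAC-signed login token.
static class AuthToken
{
    static string Sign(string payload, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
    // Issued once, after the salted password hash has been verified.
    public static string Issue(string userId, DateTime expiresUtc, byte[] key)
    {
        if (userId.Contains("|")) throw new ArgumentException("userId must not contain '|'");
        string payload = userId + "|" + expiresUtc.Ticks;
        return payload + "|" + Sign(payload, key);
    }
    // Called at the top of every protected operation; nothing is stored per user.
    public static bool TryValidate(string token, DateTime nowUtc, byte[] key, out string userId)
    {
        userId = null;
        string[] parts = (token ?? "").Split('|');
        long ticks;
        if (parts.Length != 3 || !long.TryParse(parts[1], out ticks)) return false;
        // Compare signatures without an early exit so timing does not reveal a partial match.
        byte[] expected = Encoding.ASCII.GetBytes(Sign(parts[0] + "|" + parts[1], key));
        byte[] actual = Encoding.ASCII.GetBytes(parts[2]);
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++) diff |= expected[i] ^ actual[i];
        if (diff != 0 || nowUtc.Ticks > ticks) return false;
        userId = parts[0];
        return true;
    }
}
class Demo
{
    static void Main()
    {
        byte[] key = new byte[32]; // server-only secret, never sent to the client
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        DateTime now = DateTime.UtcNow;
        string user, token = AuthToken.Issue("42", now.AddMinutes(20), key); // constructed user id
        Console.WriteLine(AuthToken.TryValidate(token, now, key, out user));                        // untouched token
        Console.WriteLine(AuthToken.TryValidate(token.Replace("42|", "43|"), now, key, out user));  // tampered user id
        Console.WriteLine(AuthToken.TryValidate(token, now.AddHours(1), key, out user));            // past expiry
        Console.WriteLine(AuthToken.TryValidate(null, now, key, out user));                         // no token sent
    }
}
```

In the WCF service, each protected operation would read the token from `WebOperationContext.Current.IncomingRequest.Headers` and throw a `WebFaultException` with `HttpStatusCode.Unauthorized` when `TryValidate` returns false; the client treats that 401 as the signal to show the login window again.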