0

I am going to work on a wcf service that would expose our catalog information for several external organization to access. I would like to authenticate/authorize them using a simple table in my back end which contains their login information. (right now there is only one, but could grow down the line) Should I be using the wcf message with transport credential for this scenario? Any thoughts/suggestions would be welcome. Does it even matter how they access our wcf service? I will be using vs2012.

cableload
  • 4,215
  • 5
  • 36
  • 62

1 Answers1

1

Given that your clients may not be using WCF or even Windows, I would recommend using WSHttpBinding, which allows you to use message security and attach username and passwords to the request. On your host you can then use a custom password validator to verify the credentials against your database. See http://msdn.microsoft.com/en-us/library/aa702565.aspx for more information on that. SSL is also an additional option if you want the transport secured.

stephenl
  • 3,119
  • 4
  • 22
  • 22
  • Yes, I would like to use custom username/password validator along with SSL to secure the transmission. I will go through the example link above and hopefully i can get it to work. Is there a complete example out there? – cableload Apr 09 '13 at 13:08
  • There should be plenty on the web. If you use IIS to host your service its pretty straight forward, the hardest part is making sure a certificate is properly installed on your dev box. – stephenl Apr 10 '13 at 00:11
  • Thanks..i was able to figure it out...Yes, we do have a test certificate already configured..so it worked out great!! Thanks for your help!! – cableload Apr 10 '13 at 18:10