I am using Customvalidator class inheriting the UserNamepasswordvalidator The problem is Its getting called on every request. I want to bypass it once the user is authenticated
any help would be appreciated
Asked
Active
Viewed 359 times
1 Answers
0
There's no way to skip the validator, custom, UserName/Password or certificate based. It's actually called before the request hits your main function, so there's no way to step around it using a session or variable.
And that's really the point of separating authentication from the message processing ... it allows you to reject bogus requests at the earliest stage of the request/response process so your program's not wasting cycles fighting off zombie attacks and the like.
You can, of course, apply no authentication up front in your message processing and authenticate when the request arrives (not before as in the prior model). At that point you can create a session programmatically and go on from there ... but you'll be processing every message that comes through.
I'll add this, however. If think that if you use something like NetTCPBinding, or NetNamedPipesBinding, you can create a persistant session between the client and host, thus authenticating only once.
Brian
- 3,653
- 1
- 22
- 33