I need to write a WCF service which takes one input parameter; based on this input parameter, there will be some business logic, and it returns true or false.

Now, to have authorization to use this service, I need to check for credentials also.

What is the best approach to check for credentials and allow the caller to access my service?

Can we do anything in headers?

Santosh
  • This question is primarily opinion-based and therefore not appropriate for SO - I advise that you reword it. One person's opinion on the best approach to check for client credentials is undoubtedly different from someone else's opinion. – Derek W Mar 04 '15 at 18:25

1 Answer

A better, if not the best, solution to make your service more secure when you are using Username authentication is to use a certificate.

Sending an unencrypted username and password over any communication framework is not the best scenario. Therefore, when we choose the UserName client credential type, WCF insists that your service must also reference a service certificate that contains a private key. The public key in this certificate is used to protect the confidentiality of the username and password sent to the service. The private key is then used by the service to obtain those encrypted credentials.

An easy way to create a certificate on our own is using a Pluralsight tool called Self Cert. Or you can also buy a certificate.

To know the details of how to implement this procedure, see this link:

Securing a WCF service with Username and Password using Message security and the Channel Factory pattern

Utsav Dawn
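The setup the answer describes (UserName client credentials over message security, protected by a service certificate), sketched for .NET Framework WCF as an added example that is not taken from the answer or the linked article. The contract, class names, endpoint address, certificate subject placeholder and in-memory sample credential are all assumptions made for illustration.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
// Hypothetical contract for the question's service, with placeholder business logic.
[ServiceContract]
public interface ICheckService { [OperationContract] bool Check(string input); }
public class CheckService : ICheckService { public bool Check(string input) { return input == "expected"; } }

// WCF calls Validate when it authenticates the client's UserName token.
public class CredentialValidator : UserNamePasswordValidator
{
    // Constructed sample record; a real service reads salt and hash from its user store.
    static readonly byte[] Salt = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
    static readonly byte[] Hash = Derive("constructed-sample-password");
    static byte[] Derive(string password)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, Salt, 100000)) return kdf.GetBytes(32);
    }
    public override void Validate(string userName, string password)
    {
        int diff = userName == "sample-user" ? 0 : 1;
        byte[] candidate = Derive(password ?? "");
        // Compare every byte so the check does not stop at the first mismatch.
        for (int i = 0; i < Hash.Length; i++) diff |= candidate[i] ^ Hash[i];
        if (diff != 0) throw new SecurityTokenException("Unknown user name or incorrect password.");
    }
}

public static class Program
{
    public static void Main()
    {
        // Message security: the UserName token is encrypted with the service certificate's public key.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        using (var host = new ServiceHost(typeof(CheckService), new Uri("http://localhost:8080/check")))
        {
            host.AddServiceEndpoint(typeof(ICheckService), binding, "");
            var creds = host.Credentials;
            // Placeholder subject name: the certificate must be installed with its private key.
            creds.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "REPLACE-WITH-CERT-SUBJECT");
            creds.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
            creds.UserNameAuthentication.CustomUserNamePasswordValidator = new CredentialValidator();
            host.Open();
            Console.ReadLine(); // keep the host running until Enter is pressed
        }
    }
}
```

The project needs references to System.ServiceModel and System.IdentityModel; a client sets `ClientCredentials.UserName.UserName` and `ClientCredentials.UserName.Password` on its channel factory before opening the channel.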