1

I am writing a WCF Service that will require a username and password authentication, however, I am not responsible for writing the clients to access the service, so I am not sure how I can access the username and password. To give an example, when testing, I created the service and then I created a test application that would instantiate a client for me and then I would set the username and password like so:

WcfClient client = new WcfClient();
client.ClientCredentials.UserName.UserName = "test";
client.ClientCredentials.UserName.Password = "test";
client.Open();

Do I have to capture the client's username and password in some header, if so how would I go about doing this? Maybe WCF has something in place for this, but I don't understand it yet. If more clarification is needed, I will be glad to edit the post.

Xaisoft
  • 45,655
  • 87
  • 279
  • 432

1 Answers1

0

You can either go with the built-in WCF support for the ASP.NET membership provider or with rolling your own custom username validator. The ASP.NET membership provider approach is a more complete solution because it also has an admin capability to maintain the user names and passwords.

Sixto Saez
  • 12,610
  • 5
  • 43
  • 51
  • Sixto, I appreciate the answer and I am using a custom username validator, but in my own test client, I hard-coded the username and password, but how would I get the username and password from a client that I am not implementing. – Xaisoft May 18 '11 at 19:29
  • You'll need to provide more information on the type of client that will call your service and what bindings you're going to use to get a more exact answer. I do know that no scenario will allow to access the Windows passwords if that is what are trying to do. – Sixto Saez May 18 '11 at 19:49
  • I will provide the endpoint address for my service and the client will be in php and they will need to send me a username and password from their php client and I will have to take it and set it in my service. – Xaisoft May 18 '11 at 19:53
  • That sounds like you are using the basicHttpBinding and basic HTTP authentication. If that's true then as long as the PHP client supports HTTPS and can create the HTTP authentication headers, your service will validate them the same way that it would a WCF client configured like that. – Sixto Saez May 18 '11 at 19:57
  • That helps a bit, but in my service, how do I access the HTTP authentication headers and once I access them, how do I set the username and password for my service? – Xaisoft May 18 '11 at 19:59
  • 1
    Unfortunately it is not straight forward to implement this scenario. What you need to do is look at the code in this [article on HTTP authentication](http://webservices20.blogspot.com/2008/11/how-to-use-clear-usernamepassword-with.html) and adapt it for your needs. You just need to ensure you configure it for HTTPS so the actual username password aren't actually sent in the clear. There was a [similar question](http://stackoverflow.com/questions/5531377/wcf-with-custom-membershipprovider-and-no-x-509-cert-possible) on this topic that you might want to look at. Good Luck!! – Sixto Saez May 19 '11 at 01:11
  • I couldn't squeeze into the last comment that if the PHP soap client can't support HTTPS that the clear HTTP binding referenced in the links are the only option. If it does support HTTPS (using certificates) then you should use the out-of-box WCF authentication functionality I referenced in the links. – Sixto Saez May 19 '11 at 01:21