1

I am starting a new product that will require a .NET based server (using WCF) hosted on Azure. I would like to have basic authentication and security features. The clients are all "rich" UI but are not neccessarily microsoft ones.

We intend to have the first client application written in Silverlight, but we want to keep our options open to implement clients for iOS and Android in the future. So we do not want to use WCF specific features but rather protocols that are easily available on other enviroments.

Of course, with the Silverlight client, we hope to get as much done for us automatically as possible. We intend to only communicate through web services.

Which bindings are recommended for such a scenario?

How would you implement security? (assuming we need basic security - Users being able to log in with encrypted user and password and perhaps some built in basic role management althouh this is optional).

Suggestions?

p.campbell
  • 98,673
  • 67
  • 256
  • 322
Hadar Kaplan
  • 31
  • 2

1 Answers1

3

You could use WCF to implement a REST interface

The binding would have to be a basicHttpBinding (to be open to all platforms) and using SSL to secure the line.

Managing credentials could be done using tokens to be passed back and forth after authentication. Much like a http session. You could pass the token using a cookie but the token could be part of the API or Headers as well. See this Best Practices for securing a REST API / web service

This would grant you the power of .NET and WCF without losing interopability.

Community
  • 1
  • 1
Emond
  • 50,210
  • 11
  • 84
  • 115