WCF Service Authorization via Username and Password [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.

---

开发者_运维技巧

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 1 year ago.

Improve this question

Edited 3.9.2011 to add one more related question

Hello,

I'm very new to WCF and doing a crash course right now.

Can I please have a second set of eyes review my plans?

Here are the (planned) details:

The goal is to make an internet-accessible WCF service that uses a username and password for authorization with the credentials and message content protected in transit by SSL.

A WCF SOAP Service

• Binding: wsHttpBinding
• Auth: UsernameAuthentication (custom)
• Security Mode: Transport

Will these items live gracefully together? I was not sure if I needed to change the security mode to "TransportWithMessageCredential".

A related question: I'm trying to get identity information, similar to using HttpContext.Current.User. Is this how I can do it?

IIdentity myIdentity = 
OperationContext.Current.ServiceSecurityContext.PrimaryIdentity;

Please let me know if I need to change my binding, auth, or security mode.

Thanks so much!

Edit - Additional Question: When first conceived, the plan was to have the consumer send the username and password as part of the message. Credentials would be secured by SSL. then, in the respective service method's code, I'd eval if they have access or not and stop them. This seems like a simpler method of implementing authorization, but are there any downsides I need to know about?

---

Yes, those settings should be fine - wsHttpBinding supports transport security with username/password credentials.

As for the identity: in your service-side code, you can inspect the ServiceSecurityContext and find the identity of the caller on that:

ServiceSecurityContext secCtx = ServiceSecurityContext.Current;
var identity = secCtx.PrimaryIdentity;