I work on a mobile web app in Javascript(Sencha)/HTML5 with WCF Rest services that needs to use authentication to authenticate users from a custom (MySQL) database in order to customize services responses during the user session.
I search about WCF authentication and founded so many ways that i'am really lost to find the best way to answe开发者_JAVA百科r my constraints...
Can i really authenticate my user from the WCF web service (with his username and password) and then keep a token or a cookie or whatever that can be used in the following request in order to identify my user and make my response according to that user ?
Thanks in advance for your help !
Authentication as you many know can be done in many ways. Username/password, Certificate etc. It really depends upon your requirement.
For e.g. If you have a mobile application which is dealing with financial information for a user (such as Bank account) then I would use both user credentials as well as X509Certificates.
If you have an application which is public facing then you can get away with using just certificates (Just client certi).
If you have a B2B application (which I would doubt in this case) then you can use Asymantic certificates (Client and server) in which you will create Both Client and Server certifcates (X509) and give to the client and let the client manually install it on their client devices.
For the simplest senario you can start by try using username and password. So your client app will user username/password to authenticate with a WCF Service at server. Follwing my give you a good starting point http://msdn.microsoft.com/en-us/library/ms733131.aspx http://www.codeproject.com/KB/WCF/CustomUserNamePassAuth2.aspx
精彩评论