0

I am going to work on a wcf service that would expose our catalog information for several external organization to access. I would like to authenticate/authorize them using a simple table in my back end which contains their login information. (right now there is only one, but could grow down the line) Should I be using the wcf message with transport credential for this scenario? Any thoughts/suggestions would be welcome. Does it even matter how they access our wcf service? I will be using vs2012.

Improve this question

1 Answer 1

Reset to default
1

Given that your clients may not be using WCF or even Windows, I would recommend using WSHttpBinding, which allows you to use message security and attach username and passwords to the request. On your host you can then use a custom password validator to verify the credentials against your database. See http://msdn.microsoft.com/en-us/library/aa702565.aspx for more information on that. SSL is also an additional option if you want the transport secured.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Yes, I would like to use custom username/password validator along with SSL to secure the transmission. I will go through the example link above and hopefully i can get it to work. Is there a complete example out there?
There should be plenty on the web. If you use IIS to host your service its pretty straight forward, the hardest part is making sure a certificate is properly installed on your dev box.
Thanks..i was able to figure it out...Yes, we do have a test certificate already configured..so it worked out great!! Thanks for your help!!

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.