Secure WCF service in Windows Azure

Question

Hello,

I want to create a secure wcf service which should be consumed from a Silverlight and Windows Mobile application.
I have to create user names and passwords with a specific role (admin or member) at runtime. When a WCF method is invoked, I have to know what the user name is, because depending on that, the result is different.

Can somebody help me?


Thanks,

Gerold Lechner

Answer 1

You could use transport  security: SSL or message security: X509. Either method is supported.

---

Pita.O:
http://www.arizentax.com/
http://www.cgi.com

Answer 2

Hello, I don't know much about the Windows Mobile case. But as far as Silverlight is concerned, you can use forms authentication, and relies on ASP.NET to authenticate the user. You can use ASP.NET Authentication Service. As long as your WCF service is ASP.NET compatible, you will be able to get the user name via HttpContext.Current.User.Identity.Name. I think this should also work for Windows Mobile. For more information, please refer to http://msdn.microsoft.com/en-us/library/dd560704(VS.95).aspx.

For the WCF level security (transport and message), Silverlight currently only supports None, Transport, TransportWithMessageCredential, and TransportCredentialOnly. That is, the complete message security is not supported.

Regarding Windows Mobile, I'm not sure, but the WCF support in .NET Compact Framework 3.5 is very basic. For example, only None and Transport security mode are supported. But forms authentication should work fine...

---

Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.

Answer 3

Here is a video wich demonstrates it: http://www.silverlight.net/learn/videos/silverlight-videos/using-aspnet-secure-services-and-applications-services/.