none
When calling a WCF service from an ASP.net MVC website, how can I obtain the user's password for use in the call to the WCF service? RRS feed

  • Question

  • What is the best (and ideally fairly easy to implement) way to call WCF services securely from an MVC5 (or 4) website?

    I plan to use transport security (i.e. to a https:// SSL endpoint for the WCF services).

    Thanks

    Thursday, January 9, 2014 5:30 PM

All replies

  • Hi,

    If you want to call wcf services securely, maybe you have to use the authentication, for example using window authentication, then in the client you can use the following:

    client.ClientCredentials.Windows.ClientCredential.Domain = domain; 
    client.ClientCredentials.Windows.ClientCredential.UserName = userName;
    client.ClientCredentials.Windows.ClientCredential.Password = pswd;

    #How to: Use wsHttpBinding with Windows Authentication and Transport Security in WCF:
    http://msdn.microsoft.com/en-us/library/ff648431.aspx .

    Then for how to call the wcf from the MVC, please try to check the following:
    #Accessing a WCF Service in an ASP.Net MVC Application:
    http://www.c-sharpcorner.com/UploadFile/krishnasarala/accessing-wcf-service-in-Asp-Net-mvc-application/ .

    Also please try to check this thread:
    #Authenticating call to WCF / Web Service from ASP.Net MVC:
    http://stackoverflow.com/questions/3534992/authenticating-call-to-wcf-web-service-from-asp-net-mvc .

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Friday, January 10, 2014 7:30 AM
    Moderator
  • Thanks Amy, but I can't use Windows Authentication, because the MVC site will be using SimpleMembership (if an MVC4 site) or ASP.NET Identity (if an MVC5 site).

    Thanks for the 3rd link (http://stackoverflow.com/questions/3534992/authenticating-call-to-wcf-web-service-from-asp-net-mvc ) but I don't think that helps in my particular situation:

    I do care which user is making the call from the MVC site to the WCF service (e.g. because I only want them to be able to manipulate their data, and not some other user's data) and I also want users to be able to call the WCF service from different clients, e.g. a Windows WPF exe program, so that (for example) the WPF exe can read data from an Excel file on their local pc (which I think is very difficult to allow users to do from the MVC website) and upload it via the WCF service to the site's backend database.

    Any suggestions?

    Many thanks

    Friday, January 10, 2014 9:11 AM