How to secure different endpoints using web forms and cookies

  • Question

  • User2130616632 posted

    I have one service, service.svc, that exposes several endpoints. At the moment there is no security: anyone can access both endpoints.

    1 - endpoint is Login (Login,logout)

    invoke: http://localhost:2013/service.svc/Login/Login 

    2- endpoint for all service (getdata,getdatabypage)

    invoke:http://localhost:2013/service.svc/AllServices/Getdata

    How can I secure the second endpoint (getdata, getdatabypage)? It should only be accessible after the caller has been validated through the first endpoint (Login).

    added to my service class

    [ServiceBehavior(IncludeExceptionDetailInFaults = true, InstanceContextMode = InstanceContextMode.PerCall)]
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]

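    /// <summary>
    /// Validates the supplied credentials and, when they are accepted, issues a
    /// Forms Authentication cookie on the current HTTP response.
    /// </summary>
    /// <param name="username">Account name to validate; also stored as the ticket name and user data.</param>
    /// <param name="password">Password passed to <c>Authentication.IsUserValid</c>.</param>
    /// <returns><c>true</c> when the credentials were accepted and a cookie was added; otherwise <c>false</c>.</returns>
    /// <remarks>
    /// This method only issues the cookie. Nothing here makes the other operations require it:
    /// each protected operation (or the ASP.NET authorization rules) still has to reject
    /// requests that do not carry a valid ticket.
    /// </remarks>
    public bool Login(string username, string password)
    {
        bool returnValue = Authentication.IsUserValid(username, password);

        if (returnValue)
        {
            // Read the clock once so issue time and expiration are derived from the same instant.
            DateTime issuedAt = DateTime.Now;

            // The ticket is flagged persistent, but no Expires is set on the cookie below,
            // so the browser keeps it as a session cookie; the 1-minute ticket expiration
            // is what actually bounds its validity.
            var ticket = new FormsAuthenticationTicket(
                1,
                username,
                issuedAt,
                issuedAt.AddMinutes(1),
                true,
                username);

            string encryptedTicket = FormsAuthentication.Encrypt(ticket);

            // Apply the same cookie attributes the Forms Authentication configuration asks for:
            // HttpOnly keeps the ticket away from page script, Secure follows requireSSL,
            // and Path/Domain follow the <forms> element instead of the HttpCookie defaults.
            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            {
                HttpOnly = true,
                Secure = FormsAuthentication.RequireSSL,
                Path = FormsAuthentication.FormsCookiePath
            };

            if (FormsAuthentication.CookieDomain != null)
            {
                cookie.Domain = FormsAuthentication.CookieDomain;
            }

            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        return returnValue;
    }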



    <services>
          <service name ="WebService.MCCM_Api"
                   behaviorConfiguration ="Mg">
      
    
            <!-- SOAP login endpoint. No bindingConfiguration is given, so the basicHttpBinding
                 defaults apply; the default security mode of that binding is None and the invoke
                 URL in the post is plain http, so the username and password are presumably sent
                 unencrypted. NOTE(review): confirm, and use HTTPS before real credentials are sent. -->
            <endpoint  name="Login"
                       address ="/Login"
                       binding ="basicHttpBinding"
                       contract ="WebService.ILoginServiceImpl" />
    
            <!-- The same login contract exposed over webHttpBinding. The "JSONBinding" binding
                 configuration and the "web" endpoint behavior are defined outside this excerpt. -->
            <endpoint name="WebLogin"
                      address="/WebLogin"
                      binding="webHttpBinding"
                      bindingConfiguration="JSONBinding" behaviorConfiguration="web"
                      contract="WebService.ILoginServiceImpl" />
    
            <!-- Data endpoint. Nothing in this declaration requires an authenticated caller:
                 access is decided by the ASP.NET authorization rules that apply to Service.svc
                 and by whatever check the service code performs on the Forms cookie. -->
            <endpoint  name="AllServices"
                       address ="/AllServices"
                       binding ="webHttpBinding"
                       bindingConfiguration="JSONBinding" behaviorConfiguration="web"
                       contract ="WebService.IRestServiceImpl" />
    
            <!-- Metadata exchange endpoint: publishes the service description to any caller.
                 NOTE(review): confirm it is wanted outside development. -->
            <endpoint contract="IMetadataExchange"
                      binding="mexHttpBinding"
                      address="mex" />
          </service>
        </services>
    <system.web>
        <!-- Development settings: debug="true" and customErrors mode="Off" return detailed
             error output to remote callers (the service class also sets
             IncludeExceptionDetailInFaults = true). Turn these off outside development. -->
        <compilation debug="true" targetFramework="4.0" />
        <customErrors mode="Off"></customErrors>
        <!-- Forms authentication. timeout is expressed in minutes and applies to tickets that
             ASP.NET issues itself; the Login operation builds its own ticket with a 1-minute
             expiration, so this value does not set that cookie's initial lifetime.
             No requireSSL attribute is present, so the auth cookie is not restricted to HTTPS. -->
        <authentication mode="Forms">
          <forms loginUrl="login.aspx" timeout="3000" defaultUrl="login.aspx"></forms>
        </authentication>
        <!-- Site-wide rule: anonymous users ("?") are denied. -->
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    
      <location path="Service.svc">
        <!-- Overrides the site-wide deny for Service.svc: anonymous users ("?") are allowed.
             Every endpoint (/Login, /WebLogin, /AllServices, mex) is served under this one
             .svc path, so the exemption that lets callers reach Login also leaves AllServices
             open to unauthenticated callers. Restricting the data operations needs either a
             separate .svc file with its own location rule or an explicit authentication check
             in the service code. NOTE(review): confirm which fits this deployment. -->
        <system.web>
          <authorization>
            <allow users="?" />
          </authorization>
        </system.web>
      </location>
    Thursday, December 12, 2013 6:24 AM

Answers