none
wcf Authentication RRS feed

  • Question

  • hello

    i built a security wcf with username authentication,

    and i also have for each function in the wcf username&password parameters

    (i did it beford the username authentication)

    my question is :can i continue with the username&password for each function or it is a mistake

    thank you

    • Moved by Ego Jiang Friday, May 24, 2013 6:50 AM
    Thursday, May 23, 2013 7:48 AM

Answers

  • Hi,

    You have pass username&password parameters for each function in the wcf. In my mind it can work. And you have a try to see if it throw a error.

    But for some security reason, if your pass the password as parameters in the function, then I think the password would travel unencrypted.

    For that you can use WCF security with username/password authentication, and provide your own custom authenticator. Please try to check the following article for more:

    #How to: Use a Custom User Name and Password Validator:
    http://msdn.microsoft.com/en-us/library/aa702565.aspx.

    Hope it can help you.

    Best Regards.




    Amy Peng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, May 27, 2013 9:23 AM
    Moderator
  • The username and password will be checked by your custom UserNamePasswordValidatorType for each request if you are using custom authentication, so there is no need for the service methods to also take a username and a password as arguments in my opinion.
    Monday, May 27, 2013 3:33 PM

All replies

  • Hi,

    You have pass username&password parameters for each function in the wcf. In my mind it can work. And you have a try to see if it throw a error.

    But for some security reason, if your pass the password as parameters in the function, then I think the password would travel unencrypted.

    For that you can use WCF security with username/password authentication, and provide your own custom authenticator. Please try to check the following article for more:

    #How to: Use a Custom User Name and Password Validator:
    http://msdn.microsoft.com/en-us/library/aa702565.aspx.

    Hope it can help you.

    Best Regards.




    Amy Peng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, May 27, 2013 9:23 AM
    Moderator
  • The username and password will be checked by your custom UserNamePasswordValidatorType for each request if you are using custom authentication, so there is no need for the service methods to also take a username and a password as arguments in my opinion.
    Monday, May 27, 2013 3:33 PM