locked
How to pass asp.net credential to wcf RRS feed

  • Question

  • User88744855 posted

    suppose i have a site which is developed with asp.net and the asp.net site interact with web service. now when user login successfully to the site and when site will interact with wcf service then how automatically site can pass user credentials to web service......is there any way out? if yes then discuss how many ways a asp.net site can pass user's credentials to wcf service. thanks

    Wednesday, May 14, 2014 4:02 AM

Answers

All replies

  • User1565039490 posted

    If you truly want  a secure form of communications with your service you should Implement a Secure token service with WCF (below is one of the examples for Azure).

    I've deployed my WCF Services (SOAP & REST) on Azure Cloud Platform. I decided to use Windows Azure Access Control Service (ACS) to secure my WCF Services. ACS supports both SAML 2.0 (Security Assertion Markup Language) and SWT (Simple Web Token) tokens, now what exactly is the difference between them.

    SAML SWT
    Protocol support WS Trust, WS-federations (SOAP based) OAuth WRAP and OAuth 2.0 (HTTP REST)
    Cryptographic differences Tokens are signed using asymmetric keys (which provides CA verification, and revocation) Tokens are signed using symmetric keys

    As you can see, SAML is much more complex than SWT. Moreover, it's easier to read/construct SWT without the help of a library such as WIF. However, a lot of existing SOAP services use SAML, as it was the only standard. Moreover SAML offers more features than SWT. In general, SAML is designed for the WS-Federation protocol, while SWT is designed for simple HTTP scenarios. To protect web sites and RESTful services, in most cases we can choose SWT. If we need active federation based on SOAP services, we can use SAML instead. So, to sum up, SAML is more SOAP-ish and SWT is REST-ish. I've played through with both techniques. Eventually, I decided (for cross-platform reasons) to expose my WCF 4.0 service as REST and use SWT token issued by Windows Azure Access Control Service (ACS) to protect it.

    Wednesday, May 14, 2014 10:02 AM
  • User88744855 posted

    can u guide me how to implement Secure token service with WCF when i will run my apps in my pc or host in any office pc. give me any good url from where i can get all the details. thanks

    Thursday, May 15, 2014 4:25 AM
  • User1565039490 posted

    Yes sure, follow the links below:

    http://code.msdn.microsoft.com/REST-WCF-With-SWT-Token-123d93c0  (I decided to expose my WCF service as REST for cross-plattform reasons, so I used this approach in my project)

    http://code.msdn.microsoft.com/Windows-Azure-AD-Access-0dcde385

    http://code.msdn.microsoft.com/CSAzureACSAndODataToken-f8175e4d

    http://code.msdn.microsoft.com/How-to-use-Azure-ACS-b5750512

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, May 16, 2014 5:48 AM