WCF TOKEN BASED SECURITY TYPE FOR TRANSPORT LEVEL

  • Question

  • Hi, I want to implement my custom token-based security in WCF. What should I select for the transport security mode for token-based security?

        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="None"/>
        </security>

    <transport clientCredentialType="None" or "Basic" or else?
    Tuesday, December 19, 2017 7:49 AM

Answers

  • Hi Bilgehan,

    For your requirement, you do not need to set any security mode, and none of them will meet your requirement.

    To achieve Token based authentication Rest Service, you could achieve WCF Rest Service first.

    Next, we could try to access the Token from Rest Service side by request headers.

    Did you host WCF Service in IIS or self-host? If you host in IIS, you could try Global.asax to get the token like below:

        using System;
        using System.Linq;   // needed for Any() and First() below
    
        public class Global : System.Web.HttpApplication
        {
    
            protected void Application_Start(object sender, EventArgs e)
            {
    
            }
    
            protected void Session_Start(object sender, EventArgs e)
            {
    
            }
    
            protected void Application_BeginRequest(object sender, EventArgs e)
            {
                // variables
                string Token = string.Empty;
    
                // check for token in header; the value still carries the scheme
                // prefix sent by the client, e.g. "Bearer <token>"
                if (Request.Headers.AllKeys.Any(k => k == "Authorization"))
                {
                    Token = Request.Headers.GetValues("Authorization").First();
                }
    
                // check for token in cookie (replaces the header value when both are present)
                if (Request.Cookies.AllKeys.Any(k => k == "Authorization"))
                {
                    Token = Request.Cookies.Get("Authorization").Value;
                }
    
                // validate the token with your own token generation logic
            }
    
            protected void Application_AuthenticateRequest(object sender, EventArgs e)
            {
    
            }
    
            protected void Application_Error(object sender, EventArgs e)
            {
    
            }
    
            protected void Session_End(object sender, EventArgs e)
            {
    
            }
    
            protected void Application_End(object sender, EventArgs e)
            {
    
            }
        }
    

    Best Regards,

    Tao Zhou


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, December 21, 2017 7:17 AM
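
As an added example (not code from this thread or from Microsoft), one way the token validation step left open in the answer above could be filled in for an IIS-hosted service. The token format `<user>.<expiryUnixSeconds>.<base64 HMAC-SHA256>`, the shared key and the `ValidateToken` helper are assumptions; the thread does not say how the token server builds or signs its tokens.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Web;

public class Global : HttpApplication
{
    // Assumed token format (constructed): "<user>.<expiryUnixSeconds>.<base64 HMAC-SHA256>".
    // Constructed demo key; load the key shared with the token server from protected config.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");

    // Returns the user name for a correctly signed, unexpired token; otherwise null.
    internal static string ValidateToken(string token, DateTimeOffset now)
    {
        string[] p = token.Split('.');
        long expiry;
        if (p.Length != 3 || p[0].Length == 0 || !long.TryParse(p[1], out expiry)) return null;

        byte[] sent, expected;
        try { sent = Convert.FromBase64String(p[2]); }
        catch (FormatException) { return null; }
        using (var hmac = new HMACSHA256(Key))
            expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(p[0] + "." + p[1]));

        // Compare every byte so timing does not reveal where the signatures differ.
        if (sent.Length != expected.Length) return null;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ sent[i];

        return diff == 0 && now.ToUnixTimeSeconds() < expiry ? p[0] : null;
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        const string scheme = "Bearer ";
        string header = Request.Headers["Authorization"];   // case-insensitive lookup
        string user = header != null && header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase)
            ? ValidateToken(header.Substring(scheme.Length).Trim(), DateTimeOffset.UtcNow)
            : null;

        if (user == null)
        {
            Response.StatusCode = 401;                        // fail closed on a missing or bad token
            Response.AddHeader("WWW-Authenticate", "Bearer");
            CompleteRequest();                                // skip the rest of the pipeline
            return;
        }
        Context.User = new GenericPrincipal(new GenericIdentity(user, "Bearer"), new string[0]);
    }
}
```

The example strips the `Bearer ` scheme prefix before validating, rejects the request when no valid token is present, and reads the token only from the header rather than from a cookie.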

All replies

  • Hi Bilgehan,

    >> I want to implement my custom token based security to wcf.What should I select for transport security mode for token based security.

    What will be the credential for client user? In other words, what username and password did you use to generate such token?

    In general, we use custom username and password for client credential, and then generate the token.

    You could refer to the link below for Token Authenticator.

    # Token Authenticator

    https://docs.microsoft.com/en-us/dotnet/framework/wcf/samples/token-authenticator

    In addition, do you have any issue with the thread below? If yes, I would suggest you mark the helpful reply as answer to close the previous thread. If not, I would suggest you keep following.

    # WCF Windows Authenticated Single Host Multiple Endpoint AD Restriction

    https://social.msdn.microsoft.com/Forums/vstudio/en-US/c68a8bfc-376e-4646-b4d3-378414e04229/wcf-windows-authenticated-single-host-multiple-endpoint-ad-restriction?forum=wcf

    Best Regards,

    Tao Zhou



    Wednesday, December 20, 2017 6:35 AM
  • Hi Tao,

    I want to use WCF as REST.

    My client code is something like this, and it sends the token to me.

        HttpClient restClient = new HttpClient();

        restClient.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);

    I create my REST endpoint something like this. What should I select in the <transport clientCredentialType block for this usage?

        <webHttpBinding>
          <binding name="webBindingConfig">
            <security mode="Transport">
              <!--<transport clientCredentialType="Windows">-->
              <!--</transport>-->
            </security>
          </binding>
        </webHttpBinding>

    Wednesday, December 20, 2017 9:01 AM
  • Hi Bilgehan,

    >>restClient.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);

    How will you generate the token? Is it generated by Windows Account or custom username and password?

    In other words, how did you generate and validate the token from the client?

    Best Regards,

    Tao Zhou



    Wednesday, December 20, 2017 9:06 AM
  • I have a custom username and password, and my own token server. Before I call my WCF service, I get a token from another token server with the username and password and send it to my WCF host.
    Wednesday, December 20, 2017 12:22 PM