WCF Security username/password RRS feed

  • Question

  • Hello,
    I was having some doubts of the security model in WCF. Currently i was doing research on the WCF security model and i have chosen to use Message Security with username/password authentication. So basically below is the sample code that i use to call the method to the WCF service.

    CustomerServiceClient svc = new CustomerServiceClient();
    svc.ClientCredentials.UserName.UserName = "username";
    svc.ClientCredentials.UserName.Password = "password";

    As you can see from the above, i have to supply the client credential in order to make the call to the service in the server, is there a way for me to just pass once of the credentials from my client apps, and the identity will be known by the WCF service and for the subsequent call? Any input will be much appreciated. Thanks.

    Chuan Hoe

    Wednesday, October 8, 2008 6:22 AM

All replies

  • Hi,


    Could you clarify your goals?

    Do you want to specify the username and password only once for all the client proxies?

    Do you want to specify the username and password only once for each client proxy?



    Pedro Félix




    Wednesday, October 8, 2008 9:12 AM
  • Hi,
    Thanks for your reply, in fact i'm not pretty sure on how to achieve this, maybe can u share with me your knowledge in this, let say i only want to provide the credential for the first time, and for the subsequent call i only need to pass the identity, please correct me if i am wrong as i am new to WCF, thanks.
    Wednesday, October 8, 2008 10:45 AM
  • Hi,


    You can define a custom ClientCredentials class that caches the username and password. You will have to associate this custom ClientCredentials (which is a endpoint behavior), to all the created proxies/channels.



    Pedro Félix


    Thursday, October 9, 2008 12:52 PM
  • Hi,
    Thanks for the reply, meaning for all the proxies call, we need to supply the client credentials right ? Kindly advise. Thanks.

    Chuan Hoe
    Friday, October 10, 2008 1:05 AM
  • What you may be looking for is called a Secure Conversation in WCF. Learn more about it here:

    • Proposed as answer by Will.Rogers Tuesday, October 14, 2008 12:11 PM
    Friday, October 10, 2008 11:52 AM