I need some help with the architecture of a WCF application. There will be a number of services that should be available to serve a number of different clients, e.g.

  • ASP.Net application (JavaScript and/or Silverlight)
  • iPhone
  • Windows Mobile
  • Android

Some of the services need authentication and some will be available w/o authentication.

I need some advice on the services that need authentication. I want to use username/password credentials over SSL.

How (if possible/recommended for all the client types) should I design this in WCF?

+2  A: 

You can (and should) decouple Authentication from service implementation so that you can vary these independently. This is possible by implementing (or reusing) a ServiceAuthorizationManager.

The nice thing about these is that they can be defined in .config and you can code your entire service without knowing anything about how the user authenticated.

If you need to know more about the user, you can use Thread.CurrentPrincipal.


To implement username/password validation, implement a UserNamePasswordValidator.

Mark Seemann
Thanks, that answers large parts of my problem. Regarding the username/password authentication itself, do you have any recommendations on the implementation?
Fredrik Jansson
Edited my answer to answer that question as well :)
Mark Seemann
Thank you for all the help!
Fredrik Jansson
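
One way the UserNamePasswordValidator mentioned in the answer could be written, as an added example that is not part of the original answer or comments. The `Example.Security` namespace, `StoredCredential` and the `Lookup` delegate are hypothetical stand-ins for a real user store, and the SHA-256 PBKDF2 overload assumes .NET Framework 4.7.2 or later.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;

// Wiring in .config, so the service code never sees the password:
//   <serviceCredentials>
//     <userNameAuthentication userNamePasswordValidationMode="Custom"
//       customUserNamePasswordValidatorType="Example.Security.HashedUserNameValidator, Example" />
//   </serviceCredentials>
//   Binding: <security mode="TransportWithMessageCredential">
//              <message clientCredentialType="UserName" /></security>
namespace Example.Security // hypothetical namespace and assembly name
{
    // Hypothetical stored record: per-user salt, PBKDF2 hash, iteration count.
    public sealed class StoredCredential
    {
        public byte[] Salt; public byte[] Hash; public int Iterations;
    }

    public class HashedUserNameValidator : UserNamePasswordValidator
    {
        // Assumption: replace with a lookup against your own user store.
        public static Func<string, StoredCredential> Lookup = name => null;

        // Dummy record so an unknown user costs the same work as a known one.
        private static readonly StoredCredential Dummy = new StoredCredential
        { Salt = new byte[16], Hash = new byte[32], Iterations = 100000 };

        public override void Validate(string userName, string password)
        {
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
                throw new SecurityTokenException("Invalid credentials.");
            StoredCredential stored = Lookup(userName);
            StoredCredential c = stored ?? Dummy;
            byte[] candidate;
            using (var kdf = new Rfc2898DeriveBytes(
                       password, c.Salt, c.Iterations, HashAlgorithmName.SHA256))
                candidate = kdf.GetBytes(c.Hash.Length);
            // Same error for unknown user and wrong password: no user enumeration.
            if (!FixedTimeEquals(candidate, c.Hash) || stored == null)
                throw new SecurityTokenException("Invalid credentials.");
        }

        // Compares without exiting early, so timing does not reveal the match length.
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a.Length != b.Length) return false;
            int diff = 0;
            for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
}
```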