tags:

views:

47

answers:

1
Q: 

WCF Emulate the Salesforce.com login service

How would I accomplish what Salesforce.com does for logging in with WCF? I would like to have an authentication service that returns a token on a correct login. Then, each set of service calls would pass the token back. I don't want to pass the token on each method call.

What is throwing me is how the session header is part of the binding.

I am also looking for why this is or isn't a good idea. I think it is clean and simple.

Thanks!

 // Create service object   

  binding = new SforceService(); 
  // Invoke the login call and save results in LoginResult   

  LoginResult lr = binding.login("username","password"); 
  if (!lr.passwordExpired) {
  // Reset the SOAP endpoint to the returned server URL   

  binding.Url = lr.serverUrl; 
  // Create a new session header object   

  // Add the session ID returned from the login   

  binding.SessionHeaderValue = new SessionHeader(); 
  binding.SessionHeaderValue.sessionId = lr.sessionId; 
  GetUserInfoResult userInfo = lr.userInfo; 
  } else {
    Console.WriteLine("Your password is expired.");
  }
A: 

I believe you are looking to leverage the Windows Identity Foundation and it's Security Token Service / STS model.

Chris Marisic  2010-06-11 18:14:42
Chris, I am not concerned about providing the token as much as I am trying to use it. I don't understand how to attach it to the binding like SalesForce does or how to pull it out in the service.
Paul Speranza  2010-06-11 18:31:19
If you use WIF you would have all of that baked in, if you wish to implement it all yourself all you need to do is pass around the token in a session cookie and then validate the cookie on each request.
Chris Marisic  2010-06-11 18:50:17
Thanks Chris, I was hoping to to do it without cookies right on the binding. What happens if the client consuming the service is not .Net?
Paul Speranza  2010-06-11 20:42:57
Even if the client isn't .NET they should still be able to handle passing the cookie across the wire otherwise that sounds like a shortcoming of the client.
Chris Marisic  2010-06-14 12:43:22

related questions

Dynamic programming with WCF
WCF Service Returning "Method Not Allowed"
Exceptions in Web Services
What SPN do I need to set for a net.tcp service?
How do I unit test a WCF service?
Best practices for versioning your services with WCF?
Lazy Loading with a WCF Service Domain Model?
How many ServiceContracts can a WCF Service have?
How can I authenticate using client credentials in WCF just once?
WCF - Domain Objects and IExtensibleDataObject
InvalidOperationException while creating wcf web service instance
Closing and Disposing a WCF Service
What WCF best practices do you follow in object model design?
WCF push to client through firewall?
Loading System.ServiceModel configuration section using ConfigurationManager
I would like some tips for debugging WCF Web Service exceptions
What's the best way to authenticate over WCF?
Good Reads for Distributed Systems
.Net - Returning DataTables in WCF
What is the easiest way to add compression to WCF in Silverlight?
WCF Backward Compatibility Issue
Best Practices for securing a REST API / web service
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
WCF - High availability