tags:

views:

29

answers:

1
+1  Q: 

Use custom UserNamePasswordValidator or custom Membership Provider

Hi!

I’m adding authentication for my WCF services, and I’m looking at the UserNamePasswordValidator and the Membership Provider, for me it seems like they do the same, but you get a lot more user function when using the Membership Provider. Since I only need the user/password authentication, my DB has all the user and role data, I was just thinking of making a custom UserNamePasswordValidator and use this in the service. Does anyone have some pros/cons on which to use in WCf for authentication?

Another thing I’m wondering, since passing ClientCredentials in WCF requires HTTPS, how do you debug the application without getting an exception the authentication?

Thanks for help :)

+1  A: 

Both UserNamePasswordValidator and MembershipProvider perform the same thing - they validate user credentials. The difference is only in approach you choose. Membership provider is supported to allow same authentication as used in hosting web application.

You will have another problem. You have mentioned roles. Neither password validator or membership provider deals with them so creating custom password validator will not allow you assigning roles to current identity. It is responsibility of different component in WCF engine - AuthorizationPolicy as well as in ASP.NET pipeline - RoleProvider. WCF allows you using ASP.NET RoleProvider or create cutom authorization.

Ladislav Mrnka  2010-08-26 07:58:39

related questions

Store user id in Principal or Identity? ASP.Net/OpenID.
Converting Single DB ASP.NET Site into MultiTenant - Membership and Roles Dilema
customize asp.net membership by changing "userid" type to integer
ASP Membership cannot handle encrypted connection strings in web.config
what is the best way to make some pages in asp.net require login?
Looking for a Yahoo Groups (CMS) replacement
Why should I Use ASP.NET Membership security model?
ASP.NET: Does implementing a custom MembershipProvider class needs you to implement a custom Membership class too?
How to set the Principal in an ASP.Net app
How can you test if an ASP.NET membership password will meet configured complexity requirements?
ExpressionEngine Multiple Site Manager and Member Groups
Locking out a user in an ASP .Net Custom Membership Provider
ASP.NET Application to authenticate to Active Directory or SQL via Windows Authentication or Forms Authentication
Not using e-mail address in a custom MembershipProvider?
How to get current user in Asp.Net MVC
programmatic login with .net membership provider
ASP.NET Forms Authentication With Only UserName
Unit test Custom membership provider with NUnit throws null reference error
How to access UserId in ASP.NET Membership without using Membership.GetUser() ?
How can I wire users with their respective folders in ASP.NET?
Grabbing Users with a specific value in their profile
How do you pass an authenticaticated session between app domains
What's the best way to authenticate over WCF?
Memcached chunk limit
ASP.NET Site Maps