Assume I have a method in my WCF Service implementation called Login and it is defined as follows:

[OperationContract]
[WebGet(UriTemplate="login/{username}/{password}")]
bool Login(string username, string password);

Obviously, passing something like http://localhost:80/login/user1/pass1 is not very secure, so how is this normally handled in a WCF REST scenario?

A: 

One option would be to run your whole site as SSL.

The other, as you mention, is to send the user name and password in a POST.

Is there a requirement that is forcing you to do this in JS?

Shiraz Bhaiji
WCF is sort of new to me. Basically, I need an Android app to log in to the application by doing http://app.com/user/pass, but I don't want to show the user or pass in plain text at least. Can you clarify (show an example of) what you mean by sending the username and password in a POST? Does this mean I would have to have two methods, a POST (send user and pass) and a GET (get a value like success login or fail login), or can I retrieve a success and fail message with a POST as well?
Xaisoft
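The POST option from the answer above, as an added example that is not part of the original thread: a single `WebInvoke` operation takes the credentials in a JSON body and returns the success or failure result in the response to that same POST. `LoginRequest`, `IAuthService`, `AuthService` and the user1/pass1 demo account are assumptions made for illustration, and the endpoint is assumed to be hosted over HTTPS (for example a `WebHttpBinding` created with `WebHttpSecurityMode.Transport`).

```csharp
using System;
using System.Runtime.Serialization;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.Text;

[DataContract]
public class LoginRequest   // hypothetical request type, not from the original post
{
    [DataMember(Name = "username")] public string Username { get; set; }
    [DataMember(Name = "password")] public string Password { get; set; }
}

[ServiceContract]
public interface IAuthService
{
    // Credentials arrive in the POST body, not the URI, so they stay out of
    // access logs and proxies that record request URLs. The bool return value
    // is serialized as the response body (true / false) of the same request.
    // Expected body: {"username":"user1","password":"pass1"}
    [OperationContract]
    [WebInvoke(Method = "POST", UriTemplate = "login",
        RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json)]
    bool Login(LoginRequest request);
}

public class AuthService : IAuthService
{
    // Constructed demo account (user1/pass1). A real service would load a
    // per-user salt and derived hash from its user store instead.
    static readonly byte[] Salt = Encoding.ASCII.GetBytes("constructed-salt");
    static readonly byte[] Stored = Derive("pass1");

    static byte[] Derive(string password)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, Salt, 100000))
            return kdf.GetBytes(32);
    }

    public bool Login(LoginRequest request)
    {
        if (request == null || request.Username == null || request.Password == null)
            return false;
        byte[] candidate = Derive(request.Password);
        int diff = request.Username == "user1" ? 0 : 1;
        for (int i = 0; i < Stored.Length; i++)
            diff |= candidate[i] ^ Stored[i];   // compare every byte, no early exit
        return diff == 0;
    }
}
```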
A: 

The other option would be to do some client side encryption, where the user and password are encrypted via JavaScript, converted to base64, then called the way you have shown in your code.

This is obviously less safe, because if an attacker knows how you are doing your encryption (by examining your JavaScript code), then he has a leg up on breaking your encryption. But this, combined with SSL, might be a viable solution for you depending on the sensitivity of your site.

Coding Gorilla