How to keep the username and password in WCF Rest Service

Question

I am working on the WCF REST Service project. The WCF REST will be set on the IIS. The service is to update the database in SQL server. The updated store procedure will get the login username and look for the id on the user table as a parameter. Therefore, the connection to SQL server must use the client’s username and password; I am not able to modify anything on SQL. The client may use website or Cell Phone to consume this Service. I shouldn’t ask the user for providing their username and password on every request in the same season. Does anyone give me an idea or example or link how to deal with this issue?

Thanks.

Answer 1

You could save the information in session state.

Here is some info on using session state http://msdn.microsoft.com/en-us/library/ms972429.aspx

Or you could store it in the cookie http://msdn.microsoft.com/en-us/library/ms178194.aspx

Answer 2

It sounds like you need some authentication mechanism between the client and the server. How to best accomplish this will depend on the client technology. If you use ASP.NET you could consider one of the ASP.NET authentication mechanisms (e.g. forms authentication). Please check out something like: http://msdn.microsoft.com/en-us/library/eeyk640h.aspx. This handles session state in e.g. a cookie or by appending url info. An other and perhaps more cool solution is to use OpenAuth which makes it possible for users to authenticate with their existing e.g. google/twitter accounts or similar. Please check out http://www.dotnetopenauth.net/. I would not recommend writing your own authentication mechanism, but encourage you to use one of the existing frameworks.