What kind of security do I need for the following WCF Rest scenario?

views:

answers:

+1 Q:

What kind of security do I need for the following WCF Rest scenario?

The Response format can be either JSON or XML.

The clients accessing the Service(s) will be web browsers, IPhones, Android Phones, all kinds of smart phones and other types of devices.

The username and password for the users will be stored in a sql server database.

I can't pass the username and password in the UriTemplate.

There will be SSL.

If there is anything else you would like to know in order to help you help me, just ask?

Basic Authentication over SSL should probably be sufficient unless you are dealing with very sensitive data.

Without knowing more about the application it is difficult to provide a better answer.

Darrel Miller 2010-10-03 22:11:45

Well, the data is sensitive to some degree. Is there a certain level of security compared to others that Basic provides. I also thought Basic was only for Windows users or does it matter since I am storing it in a sql server database. Also, What security credentials would I use. I have seen Transport, Message, etc, but I have no ideas what these mean and I have no idea where to start.

Xaisoft 2010-10-04 00:04:49

@Xaisoft Yes, if you tell WCF to do handle the Basic Auth for you it will try and authenticate against Windows Accounts. What I have done in the past is turn off the Authentication completely and then process the Authorization HTTP header myself manually. How much WCF can help you will depend a whole lot on which version you are using. I hope for your sake you are using .net 4.

Darrel Miller 2010-10-04 00:34:03

I am using .NET 4 and I have heard about using the authorization header and that is one part where I am stuck. Do you have sample code on how I can read the authorization header?

Xaisoft 2010-10-04 01:50:58

ansaurus

tags:

views:

answers:

What kind of security do I need for the following WCF Rest scenario?

related questions