Geek asks and answers

WCF: authentication service or security on tokens?

On the server there is a Dynamic CRM instance ("in place"). It will be used by several sites that run on remote machines (another domain, another Active Directory). The connection between these sites and the CRM instance is carried out using the CRM proxy , the WCF service, which is located next to it (near CRM), processes requests, CRM requests, etc.

This WCF service is facing the Internet. Although secure communication channels are not needed, authentication. We cannot allow random clients to use the services provided by the CRM proxy server.

Thus, the authentication service (cookies?) / Manual transmission of the encoded token (as a parameter for each service operation) / qaru.site/questions/1036543 / ... .

Thank you in advance!

PS: manually coded tokens will be "time sensitive" and hashed several times using some secret keys. A man-in-the-middle might not be such a big problem, as the token might be invalidated upon request.

+5
source share
2 answers

Transferring a hand-coded token is not very elegant. It pollutes your method signatures and makes your duplicates checks everywhere.

, , .

. UserNamePasswordValidator:

:

:

<security mode="Message">
    <message clientCredentialType="UserName"/>
</security>

:

<serviceCredentials>
    <userNameAuthentication 
        userNamePasswordValidationMode="Custom" 
        customUserNamePasswordValidatorType="YourFullUserNameValidatorType"/>
</serviceCredentials>

- . , .

serviceClient.ClientCredentials.UserName.UserName = "username";
serviceClient.ClientCredentials.UserName.Password = "password";

UserNamePasswordValidator , .

. , CA. CA , . , , , .

+8

More articles:


All Articles