Wednesday, May 09, 2012

WCF - Authentication and Authorization in Enterprise Architecting

Introduction

In this article I show how to implement authentication and authorization for a WCF service to Enterprise Architecting standards. The article covers advanced WCF concepts. I use an error-driven approach so that each problem is experienced before its solution.

The core aspects we cover here are:

WCF
ASP.NET Authentication Service
Custom Authentication
HTTP Cookies
Authorization PrincipalPermission Attribute
Thread CurrentPrincipal
Message Interceptors

You may be wondering what the above are. In brief, the following activities are involved:

Create a WCF Service Application
Add an AuthenticationService.svc reusing the ASP.NET Authentication Service
Create a User Validator class
Enable Custom Authentication in Global.asax
Return Cookie if valid user
Modify service configuration
Try accessing the Authentication Service in the browser
Create a UtilityService.svc with a method named GetData(int)
Decorate GetData(int) with the PrincipalPermission attribute for Authorized Access only
Decorate the UtilityService class with the AspNetCompatibilityRequirements attribute
Set the Utility Service constructor to set CurrentPrincipal from the Cookie
Create the client application and add references to both services
Create the Authentication Service instance and invoke the Login() method
Receive the cookie and store it
Create the UtilityService instance and invoke GetData()
Attach the Cookie to the UtilityService client
Test the application and ensure proper functioning
Move the cookie attaching code to Interceptors in the Client Application
Move the identity setting code to Interceptors in the Service Application
Modify the service side code to include Role instead of Name
Use Encrypted Ticket for storing User Name and Roles
Retest the application
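
The service-side steps above (AspNetCompatibilityRequirements, CurrentPrincipal set from the cookie in the constructor, role-based PrincipalPermission, encrypted ticket) can look like the following. This is an added example, not the article's own code. It assumes the cookie is named FormsAuthentication.FormsCookieName, that the login side stored a comma-separated role list in the ticket's UserData, and that the role name "Admin" is a hypothetical placeholder.

```csharp
using System;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.Threading;
using System.Web;
using System.Web.Security;

[ServiceContract]
public interface IUtilityService
{
    [OperationContract] string GetData(int value);
}

// Assumption: hosted in IIS with aspNetCompatibilityEnabled="true" and
// <serviceAuthorization principalPermissionMode="None" />, so WCF leaves
// Thread.CurrentPrincipal as set in the constructor.
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class UtilityService : IUtilityService
{
    static readonly IPrincipal Anonymous = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);

    public UtilityService()
    {
        HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        Thread.CurrentPrincipal = FromCookie(cookie);
    }

    // Only callers whose ticket carries the (hypothetical) "Admin" role get through;
    // an anonymous principal fails the demand with a SecurityException.
    [PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
    public string GetData(int value)
    {
        return "You entered: " + value;
    }

    // Fail closed: a missing, tampered or expired ticket yields an anonymous principal.
    static IPrincipal FromCookie(HttpCookie cookie)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return Anonymous;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return Anonymous; }   // any decrypt/validation failure
        if (ticket == null || ticket.Expired) return Anonymous;
        // Assumed layout: roles were written to UserData as "RoleA,RoleB" at login.
        string[] roles = (ticket.UserData ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        return new GenericPrincipal(new GenericIdentity(ticket.Name, "Forms"), roles);
    }
}
```

Because the roles travel inside the encrypted and validated ticket rather than in a plain cookie value, a client cannot grant itself a role by editing the cookie.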

Read more: Codeproject

Posted via email from Jasper-Net