WCF - Authentication and Authorization in Enterprise Architecting - Online Free Computer Tutorials.

Thursday, June 28, 2012

In this article I am going to show how to use authentication and authorization with a WCF service, following enterprise architecture standards. This article covers advanced WCF concepts. I am using an error-driven approach so that you get a better feel for the problems and their solutions.

The core aspects we cover here are:
  • WCF
  • ASP.NET Authentication Service
  • Custom Authentication
  • HTTP Cookies
  • Authorization PrincipalPermission attribute
  • Thread CurrentPrincipal
  • Message Interceptors
You may be wondering what the items above are. In brief, the following activities are involved:
  1. Create a WCF Service Application
  2. Add an AuthenticationService.svc reusing the ASP.NET Authentication Service
  3. Create a User Validator class
  4. Enable Custom Authentication in Global.asax
  5. Return Cookie if valid user
  6. Modify service configuration
  7. Try accessing the Authentication Service in the browser
  8. Create a UtilityService.svc with a method named GetData(int)
  9. Decorate GetData(int) with the PrincipalPermission attribute for Authorized Access only
  10. Decorate the UtilityService class with the AspNetCompatibilityRequirements attribute
  11. Set the Utility Service constructor to set CurrentPrincipal from the Cookie
  12. Create the client application and add references to both services
  13. Create the Authentication Service instance and invoke the Login() method
  14. Receive the cookie and store it
  15. Create the UtilityService instance and invoke GetData()
  16. Attach the Cookie to the UtilityService client
  17. Test the application and ensure proper functioning
  18. Move the cookie attaching code to Interceptors in the Client Application
  19. Move the identity setting code to Interceptors in the Service Application
  20. Modify the service side code to include Role instead of Name
  21. Use Encrypted Ticket for storing User Name and Roles
  22. Retest the application
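
A sketch of the service side of steps 8 to 11, 20 and 21, added here as an illustration and not taken from the original article: the constructor decrypts the ticket from the cookie and fails closed to an anonymous principal when the cookie is missing, tampered with or expired. The cookie name (the forms-authentication cookie), the comma-separated roles in the ticket's UserData, the role name "Admin" and the `PrincipalFromCookie` helper are assumptions.

```csharp
using System;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.Threading;
using System.Web;
using System.Web.Security;

[ServiceContract]
public interface IUtilityService
{
    [OperationContract]
    string GetData(int value);
}

// Assumption: the service behavior sets <serviceAuthorization principalPermissionMode="None" />
// so WCF does not replace Thread.CurrentPrincipal before the operation runs.
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class UtilityService : IUtilityService
{
    public UtilityService()
    {
        // Step 11: set the caller's principal from the cookie sent with the request.
        HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
        Thread.CurrentPrincipal = PrincipalFromCookie(cookie);
    }

    // Hypothetical helper. Assumption: roles were stored comma-separated in UserData at login.
    internal static IPrincipal PrincipalFromCookie(HttpCookie cookie)
    {
        // An empty name makes GenericIdentity.IsAuthenticated false.
        var anonymous = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return anonymous;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return anonymous; } // tampered or undecryptable ticket: fail closed
        if (ticket == null || ticket.Expired) return anonymous;

        string[] roles = (ticket.UserData ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        return new GenericPrincipal(new FormsIdentity(ticket), roles);
    }

    // Steps 9 and 20: demand a role instead of a user name; "Admin" is a hypothetical role.
    [PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
    public string GetData(int value)
    {
        return "You entered: " + value;
    }
}
```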
