WCF Security-Credentials and CookieContainer vs ASMX

Topics: Service Factory Modeling Edition Forum
Mar 31, 2009 at 5:32 PM
We protect our Web Services with a Third Party application that is implemented as an ISAPI filter that sits on the Web Site Hosting the Web Services. The ISAPI filter is responsible for taking the Credentials passed to it from the calling consumer of the service and Authenticating the credentials and Authorizing whether the consumer has access to the service (resource). Does both Authentication and Authorization.

In our ASMX Web Services the client code (consumer of the service) only had to assign its credentials and create a Cookie container:
Where clientProxy has already been instaniated and inherits from the type System.Web.Services.Protocols.SoapHttpClientProtocol

// Web service we are calling is protected by a ISAPI filter so just pass network credentials
// and let ISAPI filter get the SecurityCookie
clientProxy.CookieContainer = new CookieContainer();

clientProxy.Credentials = new System.Net.NetworkCredential(“UserName”, “Password”);

With a "WCF Web Service" the proxy does not inherit from type SoapHttpClientProtocol
So how do we set the Credentials and CookieContainer for use with the ISAPI filter?

Apr 1, 2009 at 12:48 PM
In case of a WCF web serivce, you can use the WCF proxy properties to set the credentials.
For further information about the settings and scenarios that you can use in WCF, take a look at this guidance:

You will also find a whole bunch of how-to articles with easy steps to configure these scenarios.