How to identify the Client with WCF?

Topics: General Discussion Forum, July and December Releases Forum, Service Factory Modeling Edition Forum
May 4, 2008 at 9:31 AM
I am now designing a project using WCF.When the client start,the user at client first enters his username and password,then the client will call webmethod to validate his username and password.
If logging successful,the user at client side may do other operation through calling different webmethod on the server.Because the system must record each user doing which operation, so every time when the client call a webmethod,the client must pass userid as an input to server,and each webmethod must have an input represents userid, it takes bother for me.
Is it possible for wcf to store the user info like a session variable when logging, later when the user from the client side calls some webmethods,the server may identify the call is from which user ?
May 6, 2008 at 1:13 AM

well have you looked at useing the asp.net membership system?

you can expose it via WCF and it should work very much like it does with a web site.

users will login with a std login form and then you get Roles and Profile support.

there are some articles on msdn about how to setup to do this.
May 6, 2008 at 10:47 AM
Thanks figuerres,But I am not going to use asp.net, but use window service with wcf as server side, it will wait for the client call...
May 6, 2008 at 4:25 PM
Yo can try to create a Unique Session Id and "serialize it" (any mechanism you want) may be via a Database cointaining the active USIs, with a programed task that will erase the "non active sessions", that way you may ask for your webservice taking the USI as a parameter and verifying if it is a valid one.... just an idea...
Greetings
Developer
May 6, 2008 at 5:38 PM
You may try using the WCF Security Guidance Package and take a look at the username token auth.

More information here:
http://www.codeplex.com/WCFSecurity/Wiki/View.aspx?title=Internet%20%u2013%20Windows%20Forms%20Client%20Calling%20WCF%20Using%20Message%20Security&referringTitle=Application%20Scenarios

Or other scenarios on these useful howTo's:
http://www.codeplex.com/WCFSecurity/Wiki/View.aspx?title=How%20Tos

grouped by scenarios:
http://www.codeplex.com/WCFSecurity/Wiki/View.aspx?title=Application%20Scenarios&referringTitle=Home

Further info about WCF security here:
http://www.theserverside.net/tt/articles/showarticle.tss?id=WCFSecurityLearningGuide
May 9, 2008 at 5:12 PM
Hi all!! Something that I have don is to leave to WCF the Authentication with a CustomValidator, it isn't difficult to implement, it's like to use the ASP .NET Membership system, but with your own classes, so then you must set the message security with Client Credentials, then the client in the proxy must set the credentials, and everytime that an operation is invoked the Authentication methods in the custom class are invoked (you must encode your transmition channel if not you may pass the username and password in clear text!!), so you can register it in the way you want in the Custom Class or use the property OperationContext.Current.RequestContext.RequestMessage.Properties.Security.ServiceSecurityContext.PrimaryIdentity.Name on your service implementation, or you can use the Security Audit Service Behavior, it's very good!!

Hope this helps!!