Hi,

I am trying to configure WCF security (authentication/authorization) with a membership provider. For role-based and authentication I have successfully configured it. All is working fine. I have a few questions and have been googling for one to two days but can't find a solution.
My question is: when I call a service by adding a service reference and then call it this way:
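C#
var client = new Service1Client();

// X509CertificateValidationMode.None turns off validation of the service certificate.
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;

// User name and password are set on the client proxy before the service is called.
client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";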


All is working fine. My concern is: do I have to give credentials each time I call the WCF service? Or is there any mechanism to authenticate the user one time and later use this authenticated user without giving credentials again?
Secondly, I am using the service with a certificate. Is there any way to use authentication/authorization without the use of a certificate?
Third, for authentication this piece of code is working fine. Is it enough, or do I have to make some other service and then make a custom validator to validate the user name and password?
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="DefaultMembershipProvider" />
Thanks in advance.

1 solution

Hello sajid zafar_Iqbal

Currently you are using Direct Authentication, which always requires a credential before calling the service.

If you ask the experts, they will simply suggest that you use the Brokered Authentication mechanism, where you have to send your credential once and in return you will get a token number, and you have to send the same token number to the service while consuming it. Then the service will validate the token, and if the token life cycle is valid, the service will execute your request.

I have been told by other guys to use this, as they used to call it one-time authentication.

But in my opinion, no one-time authentication exists, as in Direct Authentication we always use the credential, but in Brokered Authentication we get the token from a third party and then send that token to the service every time.

In both cases validation exists. Then how can we say that we have only one-time authentication?

If possible, kindly go through Direct and Brokered Authentication. You will get the proper answer.

Let me know whether my post has resolved your query or not.

Regards
Anil Shah
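
The brokered flow described in the answer above, as an added example that is not part of the original post and is not a WCF API: the credential is checked once, and each later call presents a signed, expiring token that the service validates. `TokenBroker`, its methods, the key and the credential check are hypothetical and constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class TokenBroker
{
    // Added example with hypothetical names; the key is constructed for the demo.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");
    static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(20);

    // Password is checked once (checkPassword stands in for the membership provider).
    public static string Issue(string user, string password, Func<string, string, bool> checkPassword, DateTime nowUtc)
    {
        if (!checkPassword(user, password)) return null;
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(user)) + "." + nowUtc.Add(Lifetime).Ticks;
        return payload + "." + Sign(payload);
    }

    // Every later call is still validated: signature and lifetime, not password.
    public static string Validate(string token, DateTime nowUtc)
    {
        string[] parts = (token ?? "").Split('.');
        long expiry;
        if (parts.Length != 3 || !long.TryParse(parts[1], out expiry)) return null;
        if (!SameText(Sign(parts[0] + "." + parts[1]), parts[2])) return null;
        if (nowUtc.Ticks > expiry) return null;
        return Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
    }

    static string Sign(string data)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(data)));
    }

    // Compares without stopping at the first differing character.
    static bool SameText(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        DateTime now = DateTime.UtcNow;
        string token = Issue("username", "password", (u, p) => u == "username" && p == "password", now);
        Console.WriteLine(Validate(token, now) ?? "rejected");                // inside lifetime
        Console.WriteLine(Validate(token, now.AddMinutes(21)) ?? "rejected"); // past lifetime
        Console.WriteLine(Validate(token + "A", now) ?? "rejected");          // altered token
    }
}
```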
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


