Best guidance for One time user authentication & wcf service

i am new in wcf service and i have seen people always send user credential when they made any function call of wcf service like the below way.

private static void Main(string[] args)
 {
    ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(
         delegate { return true; });

     var client = new WcfServiceClient();
     client.ClientCredentials.UserName.UserName = username;
     client.ClientCredentials.UserName.Password = password;
     Console.Write(client.GetData(1));
     client.Close();
     Console.Read();
 }

i want that i will pass user credential once and after authentication user can call any service function many time without credentials. so guide me how to design that kind of service. looking for small sample code which help me to learn & implement. thanks

Answers


You would need to enable sessions on your service and then your client can establish a session with the service. This can only happen while the same channel is used to communicate with the service.

In your above code, for example, the session would be terminated when you called Close().

In order for you to establish a security context once and then re-use it you need to establish a secure session, which means that a security token is retrieved once and then used repeatedly for subsequent operation calls.

However this is only available for certain bindings, and does not work with basicHttpBinding.

UPDATE

The second link I posted outlines two different ways to expose a service with secure session. Unfortunately client code is not included in the article.

The client code can be either generated using svcutil.exe (or Add Service Reference in VS), or you can use the WCF Channel stack to create a client on on the fly using the assembly containing the service operation and data contract definitions.

If you configure secure session in the <system.servicemodel/> configuration section using one of the standard WCF bindings, the binding configuration can be copied and pasted into the client config and this is all that is necessary for the client to use secure sessions.

So the WCF stack handles this for you. Hope this is clear.


Need Your Help

Executing coded UI test from a target machine's mstest(standalone). Dll's/Files needed!! :(

unit-testing visual-studio-2012 mstest coded-ui-tests

i set up mstest on target machine as standalone program without installing visual studio. So i copied the files(*.exe's,dll's) mstest needed to the target machine and register all dlls in gac which

Representing logic as data in JSON

json algorithm

For business reasons we need to externalize some conditional logic into external files: preferably JSON.