WCF Data Services uses the normal authN/authZ components of the vanilla WCF stack. How do you host your service (typically in IIS) and what kind of authentication scheme are you using?
Up vote 3 down vote favorite 2 share g+ share fb share tw.
So, I swear i'm utterly confused by how to secure WCF Data Services. In that, is there a simplified way of checking to make sure that the client that is sending the data to the WCF Service is authenticated more so, that the client itself is the client I wrote and not some mock client? Any URL"s that can help me decode this problem?
Wpf wcf link|improve this question asked Aug 7 '10 at 11:20Scott Barnes910311 62% accept rate.
WCF Data Services uses the normal authN/authZ components of the vanilla WCF stack. How do you host your service (typically in IIS) and what kind of authentication scheme are you using? Update: The Astoria/WCF Data Services team has an excellent blog post series on WCF Data Services and Authentication: blogs.msdn.com/b/astoriateam/archive/tag....
I'm looking to use a custom database approach. In that I want the client to hand down a username,password,key to WCF DataServices. I basically want to avoid keeping state and always assume the client asking for the query (CRUD) is lying and validate each time.
– Scott Barnes Aug 8 '10 at 23:38.
I'm using an API key to "secure" my services over HTTPS and only allow access to specific IP addresses with IIS. Just override OnStartProcessingRequest() like so: protected override void OnStartProcessingRequest(ProcessRequestArgs Args) { // allow the metadata to be retrieved without specifying an API key by appending $metadata on the end if (Args.RequestUri.Segments.Last(). Replace("/", String.
Empty)! = "$metadata") { // check if a valid API key has been passed in (see Configuration. Xml) if (!IsValidAPIKey(Args.
OperationContext. RequestHeaders"APIKey")) throw new DataServiceException("Invalid API key"); } base. OnStartProcessingRequest(Args); } private bool IsValidAPIKey(string PassedAPIKey) { if (!String.
IsNullOrEmpty(PassedAPIKey)) { Guid APIKey; // Configuration. APIKeys is just a simple list that reads from an XML file if (Guid. TryParse(PassedAPIKey, out APIKey) && Configuration.APIKeys.
Exists(x => x. Key == APIKey)) return true; } return false; } My XML file: My client side: base. SendingRequest += (s, e) => { e.Request.Headers.
Add("APIkey", "your-api-key-here"); }.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.