WCF custom authentication using ServiceCredentials

Published on April 03, 2015 in WCF · Read time 24 minutes

The generally accepted way of authenticating a user with WCF is with a User Name and Password with the UserNamePasswordValidator class. So common that even MSDN has a tutorial , and the MSDN documentation for WCF is seriously lacking at best. The username/password approach does what it says on the tin, you pass along a username and password credential from the client to the server, do your authentication, and only if there is a problem then you throw an exception. It’s a primitive approach, but it works. But what about when you want to do something a little bit less trivial than that? is probably what you need. Source code for this post is available on GitHub . Scenario I should prefix this tutorial with a disclaimer, and this disclaimer is just my opinion. WCF is incredibly poorly documented and at times counter intuitive. In fact, I generally avoid WCF development like the black plague, preferring technologies such as Web API. The saving grace of WCF is that you have full control over a much more substantial set of functionality, and you’re not limited by REST but empowered by SOAP. WCF plays particularly nicely with WPF, my favourite desktop software technology. I’ve never…

Easy WCF Security and authorization of users

Published on July 19, 2014 in WCF · Read time 11 minutes

There are several steps involved in making your WCF service secure, and ensure that clients consuming your service are properly authenticated. WCF uses BasicHttpBinding out-of-the-box, which generates SOAP envelopes (messages) for each request. works over standard HTTP, which is great for completely open general purpose services, but not good if you are sending sensitive data over the internet (as HTTP traffic can easily be intercepted). This post discusses how to take a basic WCF service, which uses , and upgrade it to use WsHttpBinding over SSL (with username/password validation). If you want to become a better WCF developer, you may want to check out Learning WCF: A Hands-on Guide by Michele Lerouz Bustamante. This is a very thorough and insightful WCF book with detailed and practical samples and tips. Here is the basic sequence of steps needed; Generate a self-signed SSL certificate (you would use a real SSL certificate for live) and add this to the TrustedPeople certificate store. Add a UserNamePasswordValidator . Switch our to . Change our MEX ( M etadata Ex change) endpoint to support SSL. Specify how the client will authenticate, using the…

How to create a RESTful web service using WCF (Part 3 of 3)

Published on April 04, 2014 in WCF · Read time 4 minutes

RESTful (Representational State Transfer) web services use HTTP verbs to map CRUD operations to HTTP methods. RESTful web services expose either a collection resource (representational of a list) or an element resource (representational of a single item in the list). Other parts in this series: How to create a RESTful web service using WCF (Part 1 of 3) How to create a RESTful web service using WCF (Part 2 of 3) Testing the WCF service using Fiddler If you haven’t come across Fiddler before, its a very helpful tool for capturing HTTP traffic. Fiddler lets us create HTTP messages and send them to our WCF service, it also shows us the response to our message. HTTP GET We will start by testing the HTTP GET method that we wrote a little earlier (we know for sure that already works). Open Fiddler, click the Composer tab and enter the Url to the web service (the same Url you entered into your web browser earlier). Once done, ensure that GET is selected, and click the Execute button (above). The web service should respond after a couple of seconds, and you can see that response by clicking the Inspectors tab and clicking JSON (shown on the left) HTTP POST/PUT Testing the…

How to create a RESTful web service using WCF (Part 2 of 3)

Published on April 03, 2014 in WCF · Read time 6 minutes

RESTful (Representational State Transfer) web services use HTTP verbs to map CRUD operations to HTTP methods. RESTful web services expose either a collection resource (representational of a list) or an element resource (representational of a single item in the list). Create the WCF service contract Every WCF service begins with a service contract. A service contract defines what operations are supported/provided by the service. An operation contract is the definition of a method that can be invoked by a client application. A WCF service can exist without any operations, but it wouldn’t be of much use. Usually, all the WCF related definitions are placed on an interface, which is implemented on a normal class (this helps keep everything nice and tidy). Although this is not strictly required. Data Contract Before we can get onto the goodness of implementing our WCF service, we need to make a small alteration to our BlogPost.cs model class. A data contract is basically a promise (contract!) that describes the data that can be transferred between the client and the server. A data contract is denoted by the attribute, which is added to each class you want to be serializable. Each…

How to create a RESTful web service using WCF (Part 1 of 3)

Published on April 02, 2014 in WCF · Read time 5 minutes

RESTful (Representational State Transfer) web services use HTTP verbs to map CRUD operations to HTTP methods. RESTful web services expose either a collection resource (representational of a list) or an element resource (representational of a single item in the list).HTTP verbs are used as follows; Create (POST) > create a new resource. Read (GET) > retrieve one or many resources. Update (PUT) > update an existing resourπce. Delete (DELETE) > delete an existing resource. This tutorial demonstrates to how implement a simple RESTful web service using WCF, and how to query it using various jQuery methods (at a high level). Entity Framework code first will be used for data persistence. The program we will create will be for reading, editing and updating a list of blog posts… what else?! By the way, throughout this tutorial I will use the terms RESTful service, web service, and WCF service interchangeably…which is fine for this tutorial (but not in the wild). Project Structure I think its very important to establish the correct project structure before developing a solution, as it can often be hard to change later. Add three new projects; Data , Service and Web (as shown to the left…

Consuming a WCF service without adding a Service Reference

Published on July 29, 2013 in WCF · Read time 2 minutes

A problem I have had with WCF since I first discovered it a few years ago is related to Service References. The fact that I have to rely on the ServiceModel Metadata Utility Tool (Svcutil.exe) to generate a proxy class on my behalf left a sour taste in my mouth. A good solution would be for me to be able to write code myself to take this pain away. A Simple Approach One approach to do this is to take over the responsibility of creating bindings and endpoints yourself in your consuming application to take over this job, and its really a lot simpler than it seems. To make this work, we are going to need to place all of our Service Contracts and Data Contracts into a shared library, which can be consumed by our client application. I suggest creating a new project using the ’ WCF Service Library’ project template; Move your Service Contracts and Data Contracts into the shared library and update your main WCF service application project to reflect the changes (add a reference to the shared library). Consuming the WCF Service Consumption of the service is now reasonably trivial. You need to create a , an and a ; I like to neaten this up a little and create a helper class which hides…