Which authetication can we use in CSLA.net WCF?

Which authetication can we use in CSLA.net WCF?

Old forum URL: forums.lhotka.net/forums/t/10627.aspx

fredg posted on Monday, August 22, 2011

Which authetication options can we use in CSLA.net WCF? Are there any code samples?

RockfordLhotka replied on Monday, August 22, 2011

The Using CSLA 4: Data Portal Configuration ebook is the most comprehensive source of information on this topic (from http://store.lhotka.net).

There are two levels of authentication: application and transport.

The data portal works with the .NET principal to help you implement application level authentication (and the associated authorization). This is pretty easy, and there are several code samples that come with the ebook.

If you want to authenticate the WCF transport connection itself, that requires much deeper understanding of WCF itself, and is generally more complex. The ebook I mentioned earlier has some information, and you'll also need to use the WCF documentation from Microsoft (or other WCF-specific books).

WCF is amazingly flexible, and you can use many types of authentication at the WCF, including Windows AD, certificates, and all sorts of other options. The ebook includes a basic example showing you where you need to write code to control WCF - but it is really up to you to understand all the options and how to configure the server and client proxy to make WCF do what you want.

fredg replied on Tuesday, August 23, 2011

Thanks. If using customer username/password validation, and the username/password is hard coded in code, is it secure? What improvement do you suggest to avoid it? Should we put password into database and extract it using username, then we can use hashing username/password?

Copyright (c) Marimer LLC