If you are using username authentication, use Membership Provider instead of custom authentication

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

If you are using username authentication in WCF, do not try to implement your own user authentication mechanism. Use the Membership Provider to authenticate users, using username / password combinations.
The membership feature is a good choice as it allows you to enable user name authentication without writing and maintaining custom code.

The Membership Provider can be integrated into a WCF application to authenticate consumers of your service. Use a WCF binding that supports user name/password credentials, such as the WSHttpBinding and set the client credential type to UserName. Configure the membership provider in your configuration file to authenticate users against the membership store.

The following configuration snippet shows how to configure the username authentication with membership provider:
Set the Authentication Type to Username as follows.
….
<wsHttpBinding>
 <binding name="BindingConfiguration">
  <security>
  <message clientCredentialType="UserName" />
   </security>
 </binding>
</wsHttpBinding>
….

Set the Service Credentials configuration to use Membership Provider
….
<serviceBehaviors>
  <behavior name="BehaviorConfiguration">
    ….
    <serviceCredentials>
      <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
        membershipProviderName="MyMembershipProvider" />
    </serviceCredentials>
  </behavior>
</serviceBehaviors>
….

Set the Membership Provider configuration to be used.
….
<membership defaultProvider="MyMembershipProvider" >
  <providers>
    <clear/>
    <add name="MyMembershipProvider"
         connectionStringName="MyConn"
         applicationName="MyAppName"
         type="Provider Type" />
  </providers>
</membership>
….

Last edited Apr 24, 2008 at 12:20 AM by prashantbansode, version 1

Comments

No comments yet.