Currently I have a service that uses a UserNamePasswordValidator to authenticate the client user. The code for the validation goes as follows:
public override void Validate(String userName, String password)
{
if (userName == null) || (password == null)
throw new FaultException("Username and/or password not specified.");
if (userName != "test") && (password != "tset")
throw new FaultException("Invalid username and/or password.");
}
As you can see, the code will always throw an exception when something is wrong.
Now for the question – Is there any reason I should check whether ServiceSecurityContext.Current.PrimaryIdentity.IsAuthenticated is true inside my OperationContract functions? For example,
public interface IMyService
{
[OperationContract]
void myOpContract();
}
public class MyService : IMyService
{
public void myOpContract()
{
// Do I really need this conditional statement?
if (ServiceSecurityContext.Current.PrimaryIdentity.IsAuthenticated)
// Proceed as expected
else
// Fail?
}
}
Any help would be greatly appreciated.
From several comments in this article – Silverlight 3: Securing your WCF service with a custom username / password authentication mechanism and from various tests – the
if ([...]PrimaryIdentity.IsAuthenticated)section is not required. Throwing a fault inside theUserNamePasswordValidatordoes the trick of aborting the security negotiation.However, one excellent idea on behalf of the author is that leaving the
if ([...]PrimaryIdentity.IsAuthenticated)conditional statement in place helps if in the future a new binding (connection type) is added with no security.