I’m working on a solution where I have a WPF project that is using a WCF DataService which is located in another ASP.NET project to access the data.
I need to provide a level of security which ensures that only authenticated users can access the service. Having surfed the net I’ve broken my head trying to accomplish that. What is the proper way to implement that?
I did this in the past where the WCF’s Login method would create a user object, assign the user object a Token (in my case, it was a GUID), and store it internally on the WCF server in an AuthenticatedUsers list.

Any other WCF call required the token as a parameter. It would check if a user existed in the AuthenticatedUsers list with that token, and would return an error if no User with that token existed. An added benefit is I would always know who made the WCF call without needing them to pass in a User Id.

I also stored a LastActivity DateTime with the User objects on the server. Each WCF call would refresh this value, and providing the AuthenticatedUsers list on the WCF server had at least one value, a Timer ran on the server which would check the AuthenticatedUsers LastActivity value and delete the user if they had been inactive for over 20 minutes.
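The scheme described in this answer, written out as an added example (not the answerer's code): a server-side token store with a 20-minute sliding expiry. Class and member names are hypothetical, and the token comes from RandomNumberGenerator instead of a GUID, an assumption made because Guid.NewGuid is not documented as a cryptographically secure generator.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
// Hypothetical class and member names; only the 20-minute idle limit is from the answer.
public sealed class SessionStore
{
    private sealed class Session { public string User; public DateTime LastActivityUtc; }
    private static readonly TimeSpan IdleLimit = TimeSpan.FromMinutes(20);
    private readonly ConcurrentDictionary<string, Session> _authenticatedUsers = new ConcurrentDictionary<string, Session>();

    // Call from Login only after the credentials have been verified.
    public string Issue(string user)
    {
        var bytes = new byte[32];   // assumption: CSPRNG token swapped in for the GUID
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string token = Convert.ToBase64String(bytes);
        _authenticatedUsers[token] = new Session { User = user, LastActivityUtc = DateTime.UtcNow };
        return token;
    }

    // Call at the top of every other operation; refreshes the sliding expiry.
    public bool TryAuthenticate(string token, out string user)
    {
        user = null;
        Session s;
        if (string.IsNullOrEmpty(token) || !_authenticatedUsers.TryGetValue(token, out s))
            return false;
        lock (s)
        {
            // Enforce the limit here as well, so a late timer tick cannot extend a session.
            if (DateTime.UtcNow - s.LastActivityUtc > IdleLimit) return false;
            s.LastActivityUtc = DateTime.UtcNow;
        }
        user = s.User;
        return true;
    }

    // Call from the server-side timer; returns how many idle sessions were dropped.
    public int PurgeIdle()
    {
        int removed = 0;
        foreach (var pair in _authenticatedUsers)
        {
            Session dropped; bool idle;
            lock (pair.Value) idle = DateTime.UtcNow - pair.Value.LastActivityUtc > IdleLimit;
            if (idle && _authenticatedUsers.TryRemove(pair.Key, out dropped)) removed++;
        }
        return removed;
    }
}
```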