My server side contains WCF4 REST services and I’m going to add RIA services for my future SL4 application. Currently I’m doing Basic authentication like this:

var auth = HttpContext.Current.Request.Headers.GetValues("Authorization");

And so on.. You get the idea.. I call this on every request. If header not present or I can’t validate UN/Password – I do this:

outgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"Secure Area\"");

That got me by so far but I’m refactoring my server side. Implementing IoC for linked services. Created custom ServiceHost, ServiceHostFactory, InstanceProvider and all is well.

Now I need to figure how to properly handle authentication and authorization with WCF so I don’t have to manually inspect headers. I do have my custom MembershipProvider so there have to be some method that get’s UN/PW to process.

Any pointers? I looked at http://www.codeproject.com/KB/WCF/BasicAuthWCFRest.aspx but it uses RequestInterceptor and it is not available in WCF4. I found ServiceAuthenticationManager and ServiceAuthorizationManager but there is no samples available on how to code and wire those..

Can anybody suggest which way I should go?