m-y m-y - 5 months ago 34
C# Question

WCF WebService Security: How do I use security on a WebService?

I created a simple .NET WebService (it just passes back a string). How do I modify the server side (and possibly the client side) so that it also uses a username/password to validate before sending a response?

Client Code:

static void Main(string[] args)
UpdateClient client = new UpdateClient("UpdateSOAPIIS");

client.ClientCredentials.UserName.UserName = "Michael";
client.ClientCredentials.UserName.Password = "testpassword";

String response = client.GetString("New York, NY");


if (client != null) client.Close();

Server Code:

public virtual GetStringResponse GetString(GetStringRequest request)
return new GetStringResponse("Search Location: " + request.location);


I recommend reading Juval Lowy's excellent article Declarative WCF Security. He describes five common scenarios (intranet, internet, b2b, anonymous, no security at all) and shows what that means, how to accomplish that etc.

He even goes as far as creating declarative attributes that you can basically just put on your service declaration and be done with it.

Those security scenario should really cover at least 80%, if not 95% of your typical cases. Study them and use them! Highly recommended