65.9K
CodeProject is changing. Read more.
Home

Generate username authentication based on basicHttpBinding without certificate

yafeya
starIconstarIconstarIcon
emptyStarIcon
starIcon
emptyStarIcon

3.54/5 (7 votes)

Aug 25, 2013

CPOL

1 min read

viewsIcon

59496

Use basicHttpBinding to create an application for username authentication.

Introduction

A wizard to help you develop a complete WCF service and client based on basicHttpBinding without certificate.

Background

I took up a work to investigate WCF authentication with username. So I researched about basicHttpBinding and wsHttpBinding. In the following article, I will show you how to use wsHttpBinding to communicate with authentication.

And you may know how to build a WCF application. So, this article is not about how to build a WCF application, but how to build a custom username validator and how to build the configuration file.

Using the code

There are two parts of the application, the service part, and the client part.

In the server part, you could build a class named CustomUserNameValidator and inherit UserNamePasswordValidator. And implement the abstract method "Validate". And you can throw an exception when the username and password are invalid.

The custom validator code: 

public class CustomUserNameValidator : UserNamePasswordValidator
{
    private const string USERNAME_ELEMENT_NAME = "userName";

    private const string PASSWORD_ELEMENT_NAME = "password";

    private const string FAULT_EXCEPTION_MESSAGE = "UserName or Password is incorrect!";

    public override void Validate(string userName, string password)
    {
        Guarder.Guard.ArgumentNotNull(userName)
            .ArgumentNotNull(password);
        var validateUserName = ConfigurationManager.AppSettings[USERNAME_ELEMENT_NAME];
        var validatePassword = ConfigurationManager.AppSettings[PASSWORD_ELEMENT_NAME];
        var validateCondition = 
            userName.Equals(validateUserName) && password.Equals(validatePassword);
        if (!validateCondition)
        {
            throw new FaultException(FAULT_EXCEPTION_MESSAGE);
        }
    }
}

And the service configuration, you should notice the serviceCredentials element in serviceBehaviors and the security element in the binding element: 

<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="customBehavior">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <userNameAuthentication 
              userNamePasswordValidationMode="Custom" 
              customUserNamePasswordValidatorType="EmployeesHost.CustomUserNameValidator, EmployeesHost"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings >
      <basicHttpBinding>
        <binding name="EmployeeQueryBinding_BasicHttp">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="EmployeesHost.EmployeesQueryService" behaviorConfiguration="customBehavior">
        <!--For basic http binding endpoint-->
        <endpoint address="http://127.0.0.1:12215/EmployeeQuery" binding="basicHttpBinding" 
                  bindingConfiguration="EmployeeQueryBinding_BasicHttp"
                  contract="EmployeesHost.IEmployeesQueryService">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="http://127.0.0.1:8733/Design_Time_Addresses/EmployeesHost/EmployeesQueryService/" />
          </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>
  <appSettings>
    <add key="userName" value="your user name"/>
    <add key="password" value="your password"/>
  </appSettings>
</configuration>

And the client configuration, binding configuration should like the service: 

<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="DefaultBinding_IEmployeesQueryService">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <!--For basic http binding endpoint-->
      <endpoint address="http://127.0.0.1:12215/EmployeeQuery/"
                binding="basicHttpBinding" bindingConfiguration="DefaultBinding_IEmployeesQueryService"
                contract="IEmployeesQueryService" 
                name="DefaultBinding_IEmployeesQueryService_IEmployeesQueryService" />
    </client>
  </system.serviceModel>
  <appSettings>
    <add key="userName" value="your user name"/>
    <add key="password" value="your pass word"/>
  </appSettings>
</configuration>

Notice

Our point is not building the WCF application, but how to configure the communication and build the Validator. I hope this page will be useful for you to build a WCF application with authentication.