Hello,

I am trying to make a single WCF service connection, which will be the entry point for the authentication of different applications. All client applications will pass through the same service to authenticate clients, and all applications will provide this service with an ApplicationAuthentication-derived class, which contains their own authentication method. Each ApplicationAuthentication-derived class has a specific Name.

I have already set up a WCF service + X509 certificate (test only) + custom UserNamePasswordValidator class.
Clients can establish a connection to the service, and the Validate(username, password) method is correctly called.

My purpose is now to provide different behaviours in the Validate method:
indeed, using MEF, I inject a list of potential ApplicationAuthentication classes, provided by the different applications.

The issue is: how can I decide which ApplicationAuthentication is the right one, without being able to have other parameters than UserName and Password in the Validate method?

To simplify, I would like to have a third parameter, string applicationName, to make something like this:

C#
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;

public class Authentication : UserNamePasswordValidator
{
    // MEF injection... consider that this is a list containing App1 and App2 objects.
    IEnumerable<ApplicationAuthentication> _authenticationApplicationList;

    // Desired signature: the real UserNamePasswordValidator.Validate only takes
    // (userName, password); the third parameter is what the question is asking for.
    public override void Validate(string userName, string password, string applicationName)
    {
        var app = _authenticationApplicationList.FirstOrDefault(a => a.Name == applicationName);
        if (app == null || !app.Authenticate(userName, password))
            throw new SecurityTokenException("Access is not granted");
    }
}
using classes like
C#
using System.ComponentModel.Composition;

// Base class as described in the question: each derived class carries a Name
// and its own Authenticate method.
public abstract class ApplicationAuthentication
{
    public abstract string Name { get; }
    public abstract bool Authenticate(string userName, string password);
}

[Export(typeof(ApplicationAuthentication))] // exported so MEF can supply it to the validator
public class App1 : ApplicationAuthentication
{
    public override string Name { get { return "appli1"; } }
    public override bool Authenticate(string userName, string password)
    {
        return true; // in test we don't care about the credentials
    }
}

[Export(typeof(ApplicationAuthentication))]
public class App2 : ApplicationAuthentication
{
    public override string Name { get { return "appli2"; } }
    public override bool Authenticate(string userName, string password)
    {
        return false; // in test we don't care about the credentials
    }
}


Then, on the client side, I could obtain different behaviours for the same username + password, according to another parameter, ApplicationName. (I assume that String isn't a good parameter type, but it's just for tests.)

For now, I'm using the UserName variable to send the username and password, and the Password variable to send the ApplicationName... But I'm not happy with this solution...

Note: the reason I'm doing this: I have to make a global authentication service, but I have to reuse the existing specific databases and logins already used by each application... Later, we could make a single database and a single username/password, then grant access if the user has rights for this or that application.

I tried to make my own ClientCredentialType, but this solution didn't work.
I tried to set parameters into UserNamePasswordValidator, but of course the Validate method is called first.

Do you have any idea about this kind of implementation, please?

Thanks in advance

1 solution

If it is appropriate to require applications to use a client certificate when sending requests to your WCF service, you can create a different X509 certificate for each application. Then you'll be able to distinguish applications by the parameters of the X509 certificate attached to the request.
 
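The answer's suggestion, carried through as an added example (it is not the answerer's or the asker's code): the service pins each application's client certificate by thumbprint, derives the application name from that pinned binding, and dispatches to the matching ApplicationAuthentication with the username/password carried in the message. The ApplicationAuthentication base with Name and Authenticate follows the question; the class names PinnedClientCertificateValidator, CallerCertificate and CertificateBoundAuthentication, and the thumbprint-to-application map, are assumptions. The dispatch runs inside the service operation, where ServiceSecurityContext.Current is available, rather than inside UserNamePasswordValidator.Validate, which the question notes is called first.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Added example (assumed names): the application is identified by a pinned client
// certificate instead of being smuggled through the Password field.

// Base class as described in the question.
public abstract class ApplicationAuthentication
{
    public abstract string Name { get; }
    public abstract bool Authenticate(string userName, string password);
}

// Server-side validator: a certificate is accepted only if its thumbprint is on the
// allow-list, and each pinned thumbprint is bound to exactly one application name.
// Without this, the subject CN proves nothing: anyone can self-sign CN=appli1.
public sealed class PinnedClientCertificateValidator : X509CertificateValidator
{
    private readonly IReadOnlyDictionary<string, string> _appByThumbprint;

    public PinnedClientCertificateValidator(IReadOnlyDictionary<string, string> appByThumbprint)
    {
        // Normalise keys once so lookups are case-insensitive on the hex thumbprint.
        _appByThumbprint = appByThumbprint.ToDictionary(
            kv => kv.Key.ToUpperInvariant(), kv => kv.Value, StringComparer.Ordinal);
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new SecurityTokenValidationException("No client certificate presented");
        if (!_appByThumbprint.ContainsKey(certificate.Thumbprint.ToUpperInvariant()))
            throw new SecurityTokenValidationException("Client certificate is not pinned");
        // Pinning does not check lifetime; enforce the validity period explicitly.
        var now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new SecurityTokenValidationException("Client certificate outside validity period");
    }

    // Only meaningful after Validate has succeeded for this certificate.
    public string ApplicationFor(X509Certificate2 certificate)
    {
        return _appByThumbprint[certificate.Thumbprint.ToUpperInvariant()];
    }
}

// Inside a service operation the authenticated client certificate is exposed as an
// X509CertificateClaimSet in the caller's AuthorizationContext.
public static class CallerCertificate
{
    public static X509Certificate2 Current()
    {
        var ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
            throw new FaultException("Caller is not authenticated");
        var certs = ctx.AuthorizationContext.ClaimSets.OfType<X509CertificateClaimSet>().FirstOrDefault();
        if (certs == null)
            throw new FaultException("Caller did not present a client certificate");
        return certs.X509Certificate;
    }
}

// Replaces the hypothetical third Validate parameter: the application name comes from
// the pinned certificate, the user credentials from the message; both must check out.
public sealed class CertificateBoundAuthentication
{
    private readonly Dictionary<string, ApplicationAuthentication> _byName;
    private readonly PinnedClientCertificateValidator _pins;

    public CertificateBoundAuthentication(IEnumerable<ApplicationAuthentication> apps,
                                          PinnedClientCertificateValidator pins)
    {
        _byName = apps.ToDictionary(a => a.Name, StringComparer.Ordinal); // duplicate Name throws
        _pins = pins;
    }

    public bool Authenticate(X509Certificate2 clientCert, string userName, string password)
    {
        _pins.Validate(clientCert);                       // throws if not pinned or expired
        var appName = _pins.ApplicationFor(clientCert);
        ApplicationAuthentication app;
        if (!_byName.TryGetValue(appName, out app))
            throw new SecurityTokenException("No authenticator registered for " + appName);
        return app.Authenticate(userName, password);
    }

    // Typical call from a service operation body:
    // var ok = auth.Authenticate(CallerCertificate.Current(), userName, password);
}
```

To wire the validator in, set host.Credentials.ClientCertificate.Authentication.CertificateValidationMode to X509CertificateValidationMode.Custom and assign CustomCertificateValidator = new PinnedClientCertificateValidator(...). Carrying both a client certificate and a UserName token on one endpoint needs a CustomBinding (for example an HttpsTransportBindingElement with RequireClientCertificate = true plus SecurityBindingElement.CreateUserNameOverTransportBindingElement()), which is assumed here rather than shown. Pinning by thumbprint is what makes the identity in the certificate trustworthy: the subject CN is free text that any self-signed certificate can carry, while the thumbprint identifies the specific key the server was told to trust.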
Comments
leonfr 24-Nov-11 8:39am    
Thanks for your answer,
yes, it could be a solution, I'll try to find more information on that.

But actually the issue description I gave above is simplified, i.e. I have more than one extra field to analyse in the Validate method, like 'environment' for example. And we can have more than one environment for the same application.
(ex: appli1 => env DEV, TESTS, etc.; appli2 => env DEV, etc.)
So if I understand correctly, it will multiply certificates by applications by environments: no less than 6 certificates for 2 applications and 3 environments.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
