Hello,
I am trying to make a single WCF service connection, which will be the entry point for the authentication of different applications. All client applications will pass through the same service to authenticate clients, and all applications will provide to this service an ApplicationAuthentication-derived class, which contains their own authentication method. Each ApplicationAuthentication-derived class has a specific Name.
I have already set up a WCF service + X509 certificate (test only) + custom UserNamePasswordValidator class.
Clients can establish a connection to the service, and the Validate(username, password) method is correctly called.
My purpose is now to provide different behaviours in the Validate method:
indeed, using MEF, I inject a list of potential ApplicationAuthentication classes, provided by the different applications.
The issue is: how can I decide which ApplicationAuthentication is the right one, without being able to have parameters other than UserName and Password in the Validate method?
To simplify, I would like to have a third parameter, string applicationName, to make something like that:
using System.Collections.Generic;
using System.ComponentModel.Composition;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;

public class Authentication : UserNamePasswordValidator
{
    // List of application-specific authenticators, injected with MEF
    [ImportMany]
    IEnumerable<ApplicationAuthentication> _authenticationApplicationList;

    // Desired signature: a third parameter, applicationName, selects the authenticator
    public override void Validate(string userName, string password, string applicationName)
    {
        if (!_authenticationApplicationList.Where(a => a.Name == applicationName)
                                           .First()
                                           .Authenticate(userName, password))
            throw new SecurityTokenException("Access is not granted");
    }
}
using classes like
class App1 : ApplicationAuthentication
{
    public override string Name { get { return "appli1"; } }

    public override bool Authenticate(string userName, string password)
    {
        return true;
    }
}

class App2 : ApplicationAuthentication
{
    public override string Name { get { return "appli2"; } }

    public override bool Authenticate(string userName, string password)
    {
        return false;
    }
}
Then, on the client side, I could obtain different behaviours for the same username+password, according to another parameter, ApplicationName. (I assume that String isn't a good parameter type, but it's just for tests.)
As for now, I'm using the UserName variable to send the username and password, then I'm using the Password variable to send the ApplicationName... But I'm not happy with this solution...
Note: the reason I'm doing that is that I have to make a global authentication service, but I have to reuse the existing specific databases and logins already used by each application... Later, we could make a single database, a single username/password, then grant access if the user has rights for this or that application...
I tried to make my own ClientCredentialType, but this solution didn't work.
I tried to set parameters into UserNamePasswordValidator, but of course the Validate method is called first...
Do you have any idea about this kind of implementation, please?
Thanks in advance