Posted 6 Nov 2014



WCF Restful Service Form Authentication

WCF Restful Service Authentication without SSL Certificate


WCF Restful Service methods can be accessed by URL only. I had to apply authentication so that only authenticated users can access that method. I searched a lot for a way to apply WCF Restful Service authentication using a username and password without an SSL certificate but could not find anything. Then I went for forms authentication.

Using the Code

First, we need to create one WCF service. I have created a service, LoginService.svc, for authenticating users. Also, I have created a user table and an edmx file importing that table.

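using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.Web;
using System.Web.Security;

// Attribute values are cut off in the original listing; assumed to match RestfullServiceMethod.
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
public class LoginService : ILoginService
{
    public bool Login(string userName, string password)
    {
        bool returnValue = false;
        UserTable user;
        using (var ctx = new TestEntities()) // Edmx entity object
        {
            user = ctx.UserTables.Where(one => one.UserName == userName).FirstOrDefault();
            if (user != null)
            {
                returnValue = (user.Password == password);
            }
        }
        if (returnValue)
        {
            // Ticket arguments are cut off in the original listing; assumed here:
            // user name, non-persistent, configured forms timeout.
            var loginTicket = new FormsAuthenticationTicket(
                userName, false, (int)FormsAuthentication.Timeout.TotalMinutes);
            string encryptedTicket = FormsAuthentication.Encrypt(loginTicket);
            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
            // Send the ticket back so the client can read it from the Set-Cookie header.
            HttpContext.Current.Response.Cookies.Add(cookie);
        }
        return returnValue;
    }
}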

Now, we define OperationContract in ILoginService as shown below:

[ServiceContract]
public interface ILoginService
{
    [OperationContract]
    bool Login(string userName, string password);
}

Now, I added one more class for defining Restful Service Method named RestfullServiceMethod.

[ServiceContract]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
public class RestfullServiceMethod
{
    [WebInvoke(UriTemplate = "/GetTest",
        RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json)]
    public string GetTest()
    {
        return "test";
    }
}

Now, in the service's web.config file, we need to change the authentication mode to Forms and apply authorization rules (allow users / deny users) as shown below:

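<configuration>
  <connectionStrings>
    <!-- Edmx connection string; "..." marks the parts of the value that are cut off in this listing -->
    <add name="TestEntities" connectionString="...;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=.;Initial Catalog=Test;User ID=sa;...&quot;" providerName="System.Data.EntityClient" />
  </connectionStrings>
  <system.web>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </assemblies>
    </compilation>
    <!-- Set the authentication mode to Forms -->
    <authentication mode="Forms" />
    <!-- Allow access to authenticated users only -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <!-- Let anonymous users reach the login service -->
  <location path="LoginService.svc">
    <system.web>
      <authorization>
        <allow users="?" />
      </authorization>
    </system.web>
  </location>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </modules>
  </system.webServer>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    <standardEndpoints>
      <webHttpEndpoint>
        <standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" />
      </webHttpEndpoint>
    </standardEndpoints>
  </system.serviceModel>
</configuration>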

Now, I need to consume that WCF service. Normally, a Restful service method can be called by URL using the WebRequest class, but I need to apply authentication. So I validate the user first and pass that token in the request header. For testing this, I have created one web application and added that service reference to the web application. Now, I will explain the code for calling that service in our web application after adding the reference:

using System;
using System.ServiceModel;
using WebApplication1.LoginService;
using System.ServiceModel.Channels;
using System.Net;
using System.IO;

namespace WebApplication1
{
    public partial class WebForm1 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            var sharedCookie = string.Empty;
            bool isValid;
            var authClient = new LoginServiceClient();
            using (new OperationContextScope(authClient.InnerChannel))
            {
                isValid = authClient.Login("test", "abc123");
                if (isValid)
                {
                    // Read the forms-authentication cookie from the Login response headers.
                    var response = (HttpResponseMessageProperty)
                        OperationContext.Current.IncomingMessageProperties[HttpResponseMessageProperty.Name];
                    sharedCookie = response.Headers["Set-Cookie"];
                }
            }
            if (isValid)
            {
                // Placeholder URL: the address of the GetTest method is cut off in the original listing.
                var request = (HttpWebRequest)WebRequest.Create("http://localhost/<service-route>/GetTest");
                request.Timeout = 30000;
                request.Method = "POST";
                request.ContentType = "text/xml";
                // Pass the authentication cookie along with the Restful call.
                request.Headers["Cookie"] = sharedCookie;
                using (var res = (HttpWebResponse)request.GetResponse())
                using (var streamReader = new StreamReader(res.GetResponseStream()))
                {
                    lblResult.Text = streamReader.ReadToEnd();
                }
            }
        }
    }
}

We can also get the user details from that authentication token in the RestfullService class:

[WebGet(UriTemplate = "/GetTest",
    RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json)]
public string GetTest()
{
    // Read the forms-authentication cookie and decrypt it to recover the ticket.
    string testcookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName].Value;
    FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(testcookie);
    string UserName = authTicket.Name;
    return "test";
}
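
The snippet above reads the cookie and decrypts it without checking that either step succeeded. As an added example (not code from the original article), the helper below reads the same ticket but answers 401 when the cookie is missing, cannot be decrypted or has expired; TicketReader and RequireUserName are hypothetical names.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.ServiceModel.Web;
using System.Web;
using System.Web.Security;

// Added example; TicketReader is a hypothetical helper, not part of the article's code.
public static class TicketReader
{
    // Returns the user name carried in the forms-authentication ticket,
    // or answers 401 when the cookie is missing, unreadable or expired.
    public static string RequireUserName(HttpContext context)
    {
        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
        {
            throw new WebFaultException(HttpStatusCode.Unauthorized);
        }

        FormsAuthenticationTicket ticket = null;
        try
        {
            // Decrypt checks and decrypts the value using the site's machineKey settings.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        // A malformed or tampered value is treated the same as no ticket at all.
        catch (ArgumentException) { }
        catch (HttpException) { }
        catch (CryptographicException) { }

        if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.Name))
        {
            throw new WebFaultException(HttpStatusCode.Unauthorized);
        }
        return ticket.Name;
    }
}
```

Inside GetTest, the call would be TicketReader.RequireUserName(HttpContext.Current).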


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

