Question

What I want to do is:

1) Authenticate the client for the first call it makes to the WCF service; this will be on a per-user basis rather than a per-application basis.

2) Check the client is authorized to make the call.

3) For subsequent calls to only authorize, with authentication having already been made in step 1 for a previous call.

OR

If the client has connected to a different instance of the service for some reason, or the "handshake" is broken, to re-authenticate.

I hope this makes sense. Does this implicitly happen in WCF using, say, username and password authentication and authorization, or is there a way to write something customized? Essentially this is for efficiency.

Many thanks, Fugu


Solution

This is called a security context (or security session) and it is possible with message security. The only limitation is that the session is handled between a single service instance and a client proxy (all calls must be done on the same proxy instance).

Here is some basic configuration for allowing Security context:

<wsHttpBinding>
  <binding name="wsHttp">
    <security mode="Message">
      <message clientCredentialType="UserName" establishSecurityContext="true" />
    </security>
  </binding>
</wsHttpBinding>

EstablishSecurityContext is true by default. When you turn this on, the WS-SecureConversation protocol is used. The first call passes credentials, which are authenticated, and a security token is issued to the client. The next calls use this security token to provide the client identity. This behavior is transparent for the developer, so you don't have to deal with the token at all.
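An added example, not part of the answer above: a C# client that keeps every call on one proxy, as the answer requires, and rebuilds the proxy once when the security session is lost, which covers the re-authentication case in the question. `IOrderService`, `SessionClient` and `GetStatus` are hypothetical names, and the code assumes a rejected context token reaches the client as a `MessageSecurityException`.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract] // hypothetical contract standing in for the real service
public interface IOrderService { [OperationContract] string GetStatus(int orderId); }

public sealed class SessionClient : IDisposable
{
    private readonly ChannelFactory<IOrderService> _factory;
    private IOrderService _proxy;

    public SessionClient(string url, string user, string password)
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.EstablishSecurityContext = true; // the default, set for clarity
        _factory = new ChannelFactory<IOrderService>(binding, new EndpointAddress(url));
        _factory.Credentials.UserName.UserName = user;
        _factory.Credentials.UserName.Password = password;
    }

    // Read-only call, so repeating it once after a session failure is safe.
    public string GetStatus(int orderId)
    {
        try { return Proxy().GetStatus(orderId); }
        catch (MessageSecurityException)
        {
            // Assumed failure mode: context token expired or unknown to this service
            // instance. A wrong password also lands here; the retry then throws.
            Reset();
            return Proxy().GetStatus(orderId);
        }
    }

    // All calls share one proxy, so only the first one carries the credentials.
    private IOrderService Proxy()
    {
        if (_proxy == null || ((ICommunicationObject)_proxy).State == CommunicationState.Faulted)
            Reset();
        return _proxy;
    }
    private void Reset()
    {
        if (_proxy != null) ((ICommunicationObject)_proxy).Abort(); // drop the old session
        _proxy = _factory.CreateChannel(); // handshake runs again on the next call
    }
    public void Dispose() { if (_proxy != null) ((ICommunicationObject)_proxy).Abort(); _factory.Abort(); }
}
```

Limit the automatic retry to idempotent operations; for calls with side effects, surface the exception and let the caller decide whether to repeat the request.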

Licensed under: CC-BY-SA with attribution