Question

I started a WCF Data Services 5.6 / EF6 and WPF application. The user starts the application and is presented with a login screen, where he enters his username & password. This information is kept in the database and is used to validate his rights, user groups, etc. (application-specific and has nothing to do with SetEntitySetAccessRule).

Now, when I perform a CRUD operation on an entity, the service needs to check if the user has rights to perform that operation.

So my question is: how can the user details be queried before every operation? Should an instance of the user be kept on the server? (More than one user can connect to the service)

Solution

The solution is to use a custom message header that is added to every call (you create a token after the initial login and then send that token on every subsequent call - the token needs some kind of time currency and some extra property so that its source can be determined with a high degree of confidence to avoid spoofing). The following article describes what you want to do in the context of user authentication:

http://www.codeproject.com/Articles/352678/Add-Custom-Message-Header-in-WCF-4-Calls
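
One way to build the token described in the answer above, as an added example that is not code from the answer or the linked article: an expiry timestamp supplies the time currency, and an HMAC-SHA256 signature over the payload lets the service confirm it issued the token. The `SessionToken` class, its method names and the key value are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: issues and validates an HMAC-signed, expiring session token.
public static class SessionToken
{
    // Assumption: a random server-side secret loaded from protected configuration.
    // It never leaves the service; the value below is a placeholder.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("replace-with-random-secret");

    // Called once, after the username/password check against the database succeeds.
    public static string Issue(string userName, TimeSpan lifetime, DateTime utcNow)
    {
        string user = Convert.ToBase64String(Encoding.UTF8.GetBytes(userName));
        string expires = utcNow.Add(lifetime).Ticks.ToString(CultureInfo.InvariantCulture);
        string payload = user + "." + expires;   // Base64 never contains '.'
        return payload + "." + Sign(payload);
    }

    // Called on every request with the header value; returns the user name, or null.
    public static string Validate(string token, DateTime utcNow)
    {
        if (string.IsNullOrEmpty(token)) return null;
        string[] parts = token.Split('.');
        if (parts.Length != 3) return null;
        // Check the signature first, so nothing attacker-controlled is parsed.
        if (!FixedTimeEquals(Sign(parts[0] + "." + parts[1]), parts[2])) return null;
        long expires;
        if (!long.TryParse(parts[1], NumberStyles.None, CultureInfo.InvariantCulture, out expires))
            return null;
        if (utcNow.Ticks > expires) return null;  // token is stale
        return Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
    }

    private static string Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    // Comparison whose timing does not depend on where the first mismatch occurs.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The service calls `Validate` on the header value at the start of each operation and, if it returns a user name, looks up that user's rights for the requested entity. No per-user instance has to be held on the server between calls.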

OTHER TIPS

WCF instancing could be a way: you can set the instancing mode to "PerSession". This will keep the session alive for the user.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow