Question
In our project all WCF services are secured by wsHttpBinding (TransportWithMessageCredential, UserName) option.
It works fine but now we need to implement the security with one more parameter (ClientId).
When a WCF service gets a call it doesn't know what is the DB of the call (where to check user name and password), so at first it should go the "main" database of our company (where all the clients are stored) and get a connection string by ClientId.
How can we implement this?
Solution
I've implemented that in the past by using specially formatted Username strings to allow additional information to be sent. There are no rules around exactly how you send through the username and password in those string fields, so the content could actually be a serialized object, compressed string, or whatever you deem necessary.
I couldn't find any other way to send information along elegantly.
Just parse that information out in your AuthorizationPolicy implementation.
OTHER TIPS
I've solved similar problems with MessageInspectors. Basically, you create an IClientMessageInspector that adds the client id to the message headers, and an IDispatchMessageInspector that reads the client id out of that header, and stores it in an apprpriate place (like a custom implementation of IPrincipal set as the Thread.CurrentPrincipal).
https://stackoverflow.com/questions/14604422
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian