Last post Sep 16, 2013 09:59 AM by Michelle Ge - MSFT
Sep 14, 2013 06:11 AM|dabuzz|LINK
I am trying to build an MVC Site that will call a WCF Service that uses custom username password validator so i need to supply credentials with each call.
And my problem is that i cant find any info on how should i store the credentials in a context of application and how determine if the user is actually logged in?
The credentials dont need to be persistent and its ok if they are lost as soon as user closes browser window.
Sep 16, 2013 06:47 AM|ngobw|LINK
You might want to check out the article below. Do note that this is via membership provider, but this would be a good starting point for you. It's windows forms and not MVC but fret not, security in WCF can be done mostly in configuration with minimal coding.
Coding for your situation would be your custom username/password validations.
In general, there are two areas of security in WCF that you need to consider, the transport security and message security. Message security can secure your messages and this is where your username and password credential will be used while transport security
typically can be implemented via SSL. The purpose of this combination is to ensure a complete end-to-end security whereby the message is secured throughout the transit and SSL encryption helps to protect the message cross the network.
How to: Use Username Authentication with the SQL Server Membership Provider and Message Security in WCF from Windows Forms
Hope this is helpful.
Sep 16, 2013 07:51 AM|dabuzz|LINK
Hi and thank you for your reply.
The WCF Service is already implemented and does use secure SSL configuration for transport
BUT as i already said i cant figure out what concept should be used with the MVC itselft.
A normal operation for my site would be
User redirected to login page > User logins > if credentials correct goes to main page otherwise back to login
What i am missing is once user provided the credentials where should i store them since i will need them in the most MVC controllers my site will implement.
Sep 16, 2013 09:59 AM|Michelle Ge - MSFT|LINK
According to your description, we want to call a WCF which uses custom username password validator.
First, we can use Json. We can use MVC to publish Html views to the client browser and for defining pretty URLs in the project. We define all the business rules in a WCF Service that only respond to JSon requests. For more information, please refer to the
Second, userNamePasswordValidationMode allow a value of Custom. We call getTicket() by passing the Name/Password Client Credentials, which returns a Forms Auth cookie for the given user. Later on, we use this cookie to validate subsequent service calls,
rather than continually the original password. For more information, please refer to the link below:
to WCF Forms Based Authentication :
There is a similar thread, please refer to the link below:
Hope it’s useful for you.