Last post May 16, 2014 05:48 AM by slavik118
May 14, 2014 04:02 AM|mou_inn|LINK
suppose i have a site which is developed with asp.net and the asp.net site interact with web service. now when user login successfully to the site and when site will interact with wcf service then how automatically site can pass user credentials to web service......is
there any way out? if yes then discuss how many ways a asp.net site can pass user's credentials to wcf service. thanks
May 14, 2014 10:02 AM|slavik118|LINK
If you truly want a secure form of communications with your service you should Implement a Secure token service with WCF (below is one of the examples for Azure).
I've deployed my WCF Services (SOAP & REST) on Azure Cloud Platform. I decided to use
Windows Azure Access Control Service (ACS) to secure my WCF Services. ACS supports both
SAML 2.0 (Security Assertion Markup Language) and
SWT (Simple Web Token) tokens, now what exactly is the difference between them.
As you can see, SAML is much more complex than SWT. Moreover, it's easier to read/construct SWT without the help of a library such as
WIF. However, a lot of existing SOAP services use SAML, as it was the only standard. Moreover SAML offers more features than SWT. In general, SAML is designed for the WS-Federation protocol, while SWT is designed for simple HTTP scenarios. To protect web
sites and RESTful services, in most cases we can choose SWT. If we need active federation based on SOAP services, we can use SAML instead. So, to sum up, SAML is more SOAP-ish and SWT is REST-ish. I've played through with both techniques. Eventually, I decided
(for cross-platform reasons) to expose my WCF 4.0 service as REST and use SWT token issued by Windows Azure Access Control Service (ACS) to protect it.
May 15, 2014 04:25 AM|mou_inn|LINK
can u guide me how to implement Secure token service with WCF when i will run my apps in my pc or host in any office pc. give me any good url from where i can get all the details. thanks
May 16, 2014 05:48 AM|slavik118|LINK
Yes sure, follow the links below:
http://code.msdn.microsoft.com/REST-WCF-With-SWT-Token-123d93c0 (I decided to expose my WCF service as REST for cross-plattform reasons, so I used this approach in my project)