WCF Authentication Service

The Windows Communication Foundation (WCF) authentication Service enables you to use ASP.net membership to authenticate users from any application that can send and use SOAP messages. This can include applications that do not use the. NET framework. Therefore, users of these different applications do not need to use separate credentials for each application. When using any client application, users can log in to the application by providing the same credentials. This section makes a practical analysis of several key points for using the WCF authentication Service.
Create a WCF Authentication Service

System.Web.ApplicationServices.AuthenticationService is the default authentication service class provided by. Net. The AuthenticationService class contains four methods that should be accessed only through WCF services: isLoggedIn, Login, Logout, and ValidateUser methods. To invoke these methods, enable the authentication service on the Web server, and then connect the WCF-compliant client application to the Web service.

To enable the user to log on, pass the user credentials to the login method. If the credentials are valid, the AuthenticationService class creates an authentication cookie, and if the authentication cookie has not expired and you know that the user's credentials are authenticated, you do not have to verify the credentials again.

Note You cannot use cookie-free authentication through the AuthenticationService class.

AuthenticationService can cause two events: authenticating and Creatingcookie. Authenticating event occurs when authenticating user credentials. Create an event handler for the authenticating event to customize how user credentials are validated. The Creatingcookie event occurs when the authentication cookie is set after validating the user credentials. Create an event handler for the Creatingcookie event to customize the authentication cookie.

The ValidateUser method checks the user credentials used for authentication, but the method does not return an authentication ticket. Use the ValidateUser method when the user has previously logged in and must check that the credentials are still valid at the beginning of the new application session.

Now create a new. svc file, and if you use the default System.Web.ApplicationServices.AuthenticationService class to provide the Membership Authentication service, you can delete the default generated interface files and class files, and then modify the. svc file, as follows As shown:

<%@ ServiceHost language= "C #"
    
service= "System.Web.ApplicationServices.ProfileService"
    
%>

If you want to implement a custom membership service, you only need to create an event handler for the authenticating event.

First, create an authenticating event handler, as shown in Listing 10-28.

Code listings 10-28 Authenticating event handlers

void Authenticationservice_authenticating (object sender, System.Web.ApplicationServices.AuthenticatingEventArgs e)
    
{
    
    if (E.username.indexof ("@xuanhun. com") >= 0)
    
    {
    
        e.authenticated = membership.providers[" Xuanhunsqlprovider "]. ValidateUser (E.username, E.password);
    
    }
    
    ElseIf (E.username.indexof ("@xuanbing. com") >= 0)
    
    {
    
        e.authenticated = membership.providers[" Xuanbingsqlprovider "]. ValidateUser (E.username, E.password);
    
    }
    
    else
    
    {
    
        e.authenticated = Membership.Provider.ValidateUser (E.username, E.password);
    
    }
    
    E.authenticationiscomplete = true;
    
}

In the authenticating event handler shown in the preceding code, three membership providers are used to authenticate the user, respectively, by a custom Xuanbingsqlprovider, The default membership provider configured in the Xuanhunsqlprovider and configuration files. Sets the authentication status of the current user after validation.

After you finish writing the authenticating event handler, you need to bind the handler for the authenticating event in the Application_Start method of the Global.asax file. The code looks like this:

void Application_Start (object sender, EventArgs e)
    
{
    
    System.Web.ApplicationServices.AuthenticationService.Authenticating + =
    
        new eventhandler< System.web.applicationservices.authenticatingeventargs> (authenticationservice_authenticating);
    
}