如何处理SilverLight 4和WPF应用程序的WCF身份验证

Question

I'm looking for advice in order to deal with WCF Authentication for an application targetting both SilverLight and WPF client interface.

EDIT : Actually, the authentication mode i need is Username/Password combinaison.

In addition, in the future the application should be able to work in full-standalone mode (both client (WPF) and server on the same computer within the same application). So should i don't use WCF in that case ?

EDIT : Another addition, in the future again the application should be able to work in local network client-server mode (but without IIS), like a game. So should i don't use WCF in that case to ? Or any other option ?

Answer 1

You can implement your own validator by inheriting from the UserNamePasswordValidator and setting the customUserNamePasswordValidatorType in your behavior configuration like this:

<behaviors>
            <serviceBehaviors>
                <behavior name="">
                    <serviceMetadata httpGetEnabled="true" />
                    <serviceCredentials>
                        <userNameAuthentication userNamePasswordValidationMode="Custom"
                                                customUserNamePasswordValidatorType="MyNamespace.MyValidator, MyNamespace" />
                    </serviceCredentials>
                </behavior>
            </serviceBehaviors>
        </behaviors>

On the client side you can set the username/password combination into the ClientCredentials.UserName.UserName/Password property of your service.

Answer 2

Check out this solution, using an AuthenticationService. I like it and decided to use it for a tri-platform application (web/SL/WPF)

http://msdn.microsoft.com/en-us/library/system.web.applicationservices.authenticationservice.aspx

Follow the links for sample implementations.

In this manner, you can rely on a classic custom ASP .NET MembershipProvider implementation (even in a standalone client).

Answer 3

IIS is not a requirement for hosting WCF service. Take a look at this link for various hosting options. Also WCF allows communication over various protocols. Take a look at this link for a summary of hosting options based on operating platform and communication protocol.

Answer 4

There are few techniques that can be used for authentication of WCF services (X509 certificates , token , username/password and windows authentication. Selecting the correct credential type is important.

Assuming (since you are using silverlight & WPF) that the setup is within a windows environment you can use windows authentication. To enable windows authentication follow the steps highlighted and host your service on IIS.

Hope this helps and good luck!.

Answer 5

The advantage of using WCF is that if you want to expose a service within the network or to the outside world you can just change/add some additional configurations without any change to the code.

So in your scenario of having both client and server on one machine or within a network is absolutely fine and the easy way is to have 2 end points exposed that deals with your requirements on the same service.

You can get around with one endpoint as well but using different endpoints with different binding mechanism reduces your overhead during authentication. Ex: When you are on the same machine you can use a net:pipe or net:tcp binding When you are within the domain you can use net:tcp or httpbinding.

Performance differs when using different bindings.