We have made a webservice which manages e-wallets but we have no idea how to authorize our users.
The authenitication is delegated to an identity service wich returns a SOAP.
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<AuthenticateUserByEmailResponse xmlns="http://services.xxxx.xx/">
<AuthenticateUserByEmailResult>boolean</AuthenticateUserByEmailResult>
</AuthenticateUserByEmailResponse>
</soap:Body>
</soap:Envelope>
We've read about BasicHttpBinding and WSHttpBinding but we can't find a similar senario where we just have to worry about authorization.
Do you guys have any suggestions on how to get started?
This sounds like a scenario for Windows Identity Foundation . You will need to do some heavy reading, it's not for the faint of heart.
There's a full example of such a service for download at Microsoft .
WIF or Windows Identity Foundation is a good solution, but if its too heavy, just use Roles-Based Authorization
Article on WCF Roles-Based Authentication: http://msdn.microsoft.com/en-us/magazine/cc948343.aspx
More general article from Microsoft Patterns and Practices on WCF Security: http://msdn.microsoft.com/en-us/library/ff647503.aspx
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.