I have just started to create a WCF service for my mobile apps. Currently I have multiple projects in a single solution.
Authentication function
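    public List<AuthenticateModel> Authenticate(string UserName, string Password)
    {
        // Make sure the SimpleMembership provider is initialized before validating.
        SimpleMembershipInitializer _initialized = new SimpleMembershipInitializer();
        bool validate = System.Web.Security.Membership.ValidateUser(UserName, Password);
        AuthenticateModel model = new AuthenticateModel();
        if (validate)
        {
            model.userID = IDUser; // IDUser is not defined in the snippet as posted
        }
        // The declared return type is a list, so wrap the single model.
        return new List<AuthenticateModel> { model };
    }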
Now how can I know that the same logged-in user is calling another function? Is there any way to maintain a session as on the web? Or pass any certificate or token for verification (if yes, how to pass the token and implement it)?
    [OperationContract]
    [WebInvoke(UriTemplate = "GetAllrecords/?paramId={paramId}", Method = "GET", ResponseFormat = WebMessageFormat.Json, RequestFormat = WebMessageFormat.Json, BodyStyle = WebMessageBodyStyle.Wrapped)]
    List<SomeModel> GetAllrecords(int paramId)
    {
        return something; // Return requested data
    }
Any help will be greatly appreciated.
If you have the time you should read
http://www.codeproject.com/Articles/630986/Cross-Platform-Authentication-With-ASP-NET-Web-API
It focuses on Web API, but discusses the use of tokens.
In our authentication-method we return a generated token that is persisted on the server with user and role.
The web client (in our case built with AngularJS) composes requests with the token in the request header. We then inspect each request in our Web API, extract the token and compare it to the persisted token.
There are many solutions; ours is not very secure, but it's sufficient for us.
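The token scheme this answer describes (issue a token at login, persist it server-side, check it on every request), as an added example that is not code from the answer or the linked article. `TokenStore`, `Issue`, `TryValidate`, the 30-minute lifetime and the user ID are assumptions made for illustration; it goes beyond the answer by storing only a hash of each token and expiring tokens.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper (not from the post): server-side store for session tokens.
public sealed class TokenStore
{
    private sealed class Session { public int UserId; public DateTime ExpiresUtc; }
    private readonly ConcurrentDictionary<string, Session> _sessions = new ConcurrentDictionary<string, Session>();
    private readonly TimeSpan _lifetime;
    public TokenStore(TimeSpan lifetime) { _lifetime = lifetime; }
    // Call from Authenticate() once ValidateUser succeeds; send the result to the client.
    public string Issue(int userId)
    {
        var raw = new byte[32]; // 256 bits from the CSPRNG, so tokens cannot be guessed
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = Convert.ToBase64String(raw);
        _sessions[Hash(token)] = new Session { UserId = userId, ExpiresUtc = DateTime.UtcNow + _lifetime };
        return token;
    }
    // Call at the top of every operation with the token taken from the request header,
    // e.g. WebOperationContext.Current.IncomingRequest.Headers["Authorization"].
    public bool TryValidate(string token, out int userId)
    {
        userId = 0;
        Session s;
        if (string.IsNullOrEmpty(token)) return false;
        string key = Hash(token);
        if (!_sessions.TryGetValue(key, out s)) return false;
        if (s.ExpiresUtc <= DateTime.UtcNow) { _sessions.TryRemove(key, out s); return false; }
        userId = s.UserId;
        return true;
    }
    // Only the SHA-256 of each token is stored, so a leaked store holds no usable tokens.
    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    public static void Main()
    {
        var store = new TokenStore(TimeSpan.FromMinutes(30));
        int uid;
        string token = store.Issue(42); // constructed user ID
        Console.WriteLine(store.TryValidate(token, out uid) + " " + uid);
        Console.WriteLine(store.TryValidate("forged", out uid));
    }
}
```

The token is a bearer credential, so the service should only be exposed over HTTPS, and the store should be shared (for example in a database) if the service runs on more than one server.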