Securing a WCF RESTful service-- can't call it unless authenticated

Question

I'm going to write a RESTful WCF service with webHttp or basicHTTP bindings-- nothing fancy.

However, I would like to secure it so that unless someone has logged into / authenticated against my ASP.Net MVC website they can't use the service. I must be looking in the wrong places because every discussion or article I read about this deals with securing the service calls via certificates or SSL.

That's good to know, but I'm more interested in how to prevent someone from using the service, giving them an error message, unless they're logged in? I'm using forms authentication FWIW but would be interested in learning how to go about this using OAuth as well. Thanks for your tips and advice.

score 1 · Accepted Answer · edited May 23 '17 at 11:57

1

I would say that this is a duplicate question to this one: How do I set oAuth authentication for a WCF REST C# Site . However, the information there is quite limited as well. You can also look at this article: http://weblogs.asp.net/cibrax/archive/2008/11/14/oauth-channel-for-wcf-restful-services.aspx .

edited May 23 '17 at 11:57

Community

1
1

answered May 01 '12 at 17:50

Styxxy

7,462
3
40
45

Thanks for the links-- but you're right, information on this seems scattered and somewhat hard to come by. I wonder if anyone knows of tutorials or how-tos or best-practices for doing this kind of thing? – larryq May 01 '12 at 18:37
Yeah, a encountered that as well in my search for more information. I would say: try to gather as much information as you can and create a nice library or so. – Styxxy May 01 '12 at 19:31

Securing a WCF RESTful service-- can't call it unless authenticated

1 Answers1

Linked