0

I have a scenario where my WCF service is hosted but should return different response to different clients and also different security/authentication options.

How to implement that ? Idea and small model code would be appreciable.

Client A and Client B suppose consumes the service. Client A should be given some data and Client B should be given some other data and also both of them should have different access rights/permissions....

Thank you...

Joe Doyle
  • 6,363
  • 3
  • 42
  • 45
Jasmine
  • 5,186
  • 16
  • 62
  • 114

2 Answers2

1

There's a lot of ways to do this; bottomline is you have to identify the user that's connecting. This can be done using an X509 client certificate, HTTP (basic/digest) authentication or a custom API key (or credentials) that the client sends during each request (in the HTTP headers, in the message headers or simply in a field in the message body).

Once you've got that part figured out, you can let your code decide what to do based on who's making the request.

Community
  • 1
  • 1
CodeCaster
  • 147,647
  • 23
  • 218
  • 272
  • Great thank you, but my scenario is same function name should be used for both clients. How to do ? How the same function can serve different data based on if its Client A or Client B.... – Jasmine Jun 28 '12 at 11:35
  • 1
    @Divine as I explained, in your function, you can read credentials or API key from the (HTTP or Message) headers or body and determine which user is making the request. (Ultimately this should be done by an authentication layer, so in your code you can simply call `GetCallingUser()` or so). Then you can alter your queries (or whatever you use) to something like `select * from Foo where ClientID = user.ClientID`. – CodeCaster Jun 28 '12 at 11:45
  • Perfect thank you so much CodeCaster buddy :) Gave me a kick and idea....Will explore on x509 client certificate part more....Thank you so much again :) Cheers – Jasmine Jun 28 '12 at 11:58
0

Set user and password in your service web.config in encrypted form. Then on calling function client has to pass username and password.In that way you are able to identify which client requesting service and authenticated or not

SMK
  • 2,098
  • 2
  • 13
  • 21