7

I have a WCF web service that exposes several business methods. I also have two clients - an asp.net GUI and a data migration application that both connect to the wcf backend to invoke various business transactions.

I need my backend to be able to identify and distinguish between which wcf client has made a call to some variant logic.

Is there a way that my WCF service is able to identify clients connected to it? Also is there a way to use a signed key to prevent a client from spoofing their identity?

Hady
  • 2,597
  • 2
  • 29
  • 34
  • Do you have a sample scenario of such an operation that should behave differently depending on the caller? You might want to consider just applying authentication and authorization instead of having operations that behave differently depending on the caller. – Alex Jul 20 '10 at 07:21
  • Yes... we have a couple of scenarios that need to be handled differently in the backend depending on which WCF client is connecting. – Hady Jul 23 '10 at 03:33

2 Answers2

15

You can solve this via a custom header.

You can add a custom header as part of the endpoint in the client application's configuration file. You would then make each client's custom header different. For example, in the ASP.NET version:

        <endpoint
            name="basicHttpEndpoint"
            address="http://localhost:8972"
            binding="basicHttpBinding"
            contract="MySeriveContractLib.IMyService"
            >
            <headers>
                <ClientIdentification>ASP_Client</ClientIdentification>
            </headers>
        </endpoint>

Then the service can check the header value like so:

public void MyServiceMethod()
{
   var opContext = OperationContext.Current;
   var requestContext = opContext.RequestContext;
   var headers = requestContext.RequestMessage.Headers;
   int headerIndex = headers.FindHeader("ClientIdentification", "");
   var clientString = headers.GetHeader<string>(headerIndex);
   if clientString=="ASP_Client"
   {
       // ...
   }
   else
   {
      // ...
   }
}
Andrew Shepherd
  • 44,254
  • 30
  • 139
  • 205
3

In order to identify the type of caller (ASP.NET vs. WInforms or whatever), you probably need to add a custom header to your WCF messages - there's no way the service can know anything about the calling client unless it's part of the message or the headers sent. For this, your best bet is to write a WCF Message Inspector - and this blog post here will show you how to do this.

As for security - depends on your environment. In a corporate LAN behind a firewall - use the Windows credentials. If you're "outside facing", your best bet would be to install digital certificates on the clients to verify their identity.

WCF Guru Juval Löwy has a really good article on MSDN Magazine, Declarative WCF Security, that describes five common security scenarios in WCF and how to implement them. Highly recommended reading.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
  • Is the `Message Inspector` a one to one equivalent to Andrew's answer; simply a different way of doing the same? Or is there a value in using the Inspector? – ΩmegaMan Apr 01 '14 at 14:39