I have a WCF service which checks for user authentication before it actually leads to other [OperationContracts] ie. methods. But I am afraid that anybody can consume my methods remotely bypassing the authentication method. Hence I need something like Session that we use in ASP.NET. What's the best solution for this?
Asked
Active
Viewed 234 times
0
Divyang Desai
- 7,483
- 13
- 50
- 76
Sarin Gopalan
- 31
- 1
- 3
-
How is implemented the authentication? Could you share your server configuration? You can use session in a wcf application, but is it related to the security needs? – Ricardo Pontual Sep 16 '16 at 10:09
-
Dear Ricardo, I am trying to make something like the yahoo messenger for example. The thing is that when the client app accesses the server, it would first need to check if the logged in user is authenticated. And then it will fetch the list of users the end user has in his friends list and so on. But the glitch here is that the client can access the second method without even checking for authentication(the first method). Hence I want to use sessions so that only after successful authentication, he should go to the next level. This is possible with sessions. I need a simple solution for this. – Sarin Gopalan Sep 16 '16 at 10:54
-
I understood. I think this link can help you out: http://stackoverflow.com/questions/25064979/how-to-use-https-with-wcf-sessionmode-required-simplest-possible-example – Ricardo Pontual Sep 16 '16 at 11:11