I need to implement token authentication between the users of my WCF services and my server.
1- User will request a token with his username, nickname and password from server and server will respond with a token if the credentials are correct?
Question For 1
- Should I create a token for every single request, or can I keep it in some storage and use the same token for a specific period of time? What is the best way of doing that? Is there any example on the web of this implementation?
- After token creation, where should I store the token? Inside a database table or in memory? Or some other way?
- What should I return if the credentials are wrong?
- How can I prevent the user from sending so many token requests in a short period of time?
2- Then the user will use that token to use my service.
Question For 2
- How can the client pass the token to the server? Along with the query string? What is the best approach for doing that?
Any example or suggestion would be great.