Authentication Service using WCF

by

Your auth service should return a token if the auth is successful. This token in turn should then be presented to the HR service.

You have a couple of options as to what the HR service does at this point. It can either know the secret to validate the token, or it needs to call the auth service to validate the token.

The token should be some value that can be validated if you know the secret, so it could something, say the users id, that is symmetrically encrypted. Ideally it should have a time component in it to prevent replay attacks.

I’d suggest some something like

<hash value>|<token issue time>|<user id>

The hash value should be hash (sha1, md5, etc) of everything after the first pipe. You can then base64 encode the result and pass it around. Validating the token could then check the issue date was within a certain time-frame.

You also have the option of storing the token in the client in a cookie and passing as a cookie to the services, or making it a parameter on your services. There may be other options, depending on your client architecture & how you want to structure your services.

More Related Contents:

  1. Understanding WCF Windows Authentication
  2. Pattern for calling WCF service using async/await
  3. Queuing in OneWay WCF Messages using Windows Service and SQL Server
  4. Web Service without adding a reference?
  5. save data from 2 forms and show it in a 3rd form c# [closed]
  6. Finding the variable name passed to a function
  7. Get the correct week number of a given date
  8. The type is defined in an assembly that is not referenced, how to find the cause?
  9. Read SQL Table into C# DataTable
  10. How should I inject a DbContext instance into an IHostedService?
  11. Is String.Contains() faster than String.IndexOf()?
  12. ASP.NET use SqlConnection connect MySQL
  13. creating WCF ChannelFactory
  14. How to make a call to my WCF service asynchronous?
  15. Different forms of the WCF service contract interface
  16. how to generate a unique token which expires after 24 hours?
  17. Call and consume Web API in winform using C#.net
  18. How to find the reason for a failed Build without any error or warning
  19. CORS Support within WCF REST Services
  20. How to consume a Scoped service from a Singleton?
  21. WCF HttpTransport: streamed vs buffered TransferMode
  22. ASP.net Getting the error “Access to the path is denied.” while trying to upload files to my Windows Server 2008 R2 Web server
  23. Font awesome inside asp button
  24. How do I prevent a WCF service from enter a faulted state?
  25. Regex for Money
  26. Signing SOAP messages using X.509 certificate from WCF service to Java webservice
  27. Is TLS 1.1 and TLS 1.2 enabled by default for .NET 4.5 and .NET 4.5.1?
  28. Can’t find how to use HttpContent
  29. Get first element from a dictionary
  30. How do I get a directory size (files in the directory) in C#?

Leave a Comment