Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles / Languages / C#

Generate username authentication based on basicHttpBinding without certificate

3.54/5 (7 votes)
24 Oct 2013CPOL1 min read 59.5K  
Use basicHttpBinding to create an application for username authentication.

Introduction

A wizard to help you develop a complete WCF service and client based on basicHttpBinding without certificate.

Background

I took up a work to investigate WCF authentication with username. So I researched about basicHttpBinding and wsHttpBinding. In the following article, I will show you how to use wsHttpBinding to communicate with authentication.

And you may know how to build a WCF application. So, this article is not about how to build a WCF application, but how to build a custom username validator and how to build the configuration file.

Using the code

There are two parts of the application, the service part, and the client part.

In the server part, you could build a class named CustomUserNameValidator and inherit UserNamePasswordValidator. And implement the abstract method "Validate". And you can throw an exception when the username and password are invalid.

The custom validator code:

C#
public class CustomUserNameValidator : UserNamePasswordValidator
{
    private const string USERNAME_ELEMENT_NAME = "userName";

    private const string PASSWORD_ELEMENT_NAME = "password";

    private const string FAULT_EXCEPTION_MESSAGE = "UserName or Password is incorrect!";

    public override void Validate(string userName, string password)
    {
        Guarder.Guard.ArgumentNotNull(userName)
            .ArgumentNotNull(password);
        var validateUserName = ConfigurationManager.AppSettings[USERNAME_ELEMENT_NAME];
        var validatePassword = ConfigurationManager.AppSettings[PASSWORD_ELEMENT_NAME];
        var validateCondition = 
            userName.Equals(validateUserName) && password.Equals(validatePassword);
        if (!validateCondition)
        {
            throw new FaultException(FAULT_EXCEPTION_MESSAGE);
        }
    }
}

And the service configuration, you should notice the serviceCredentials element in serviceBehaviors and the security element in the binding element:

XML
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="customBehavior">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <userNameAuthentication 
              userNamePasswordValidationMode="Custom" 
              customUserNamePasswordValidatorType="EmployeesHost.CustomUserNameValidator, EmployeesHost"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings >
      <basicHttpBinding>
        <binding name="EmployeeQueryBinding_BasicHttp">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="EmployeesHost.EmployeesQueryService" behaviorConfiguration="customBehavior">
        <!--For basic http binding endpoint-->
        <endpoint address="http://127.0.0.1:12215/EmployeeQuery" binding="basicHttpBinding" 
                  bindingConfiguration="EmployeeQueryBinding_BasicHttp"
                  contract="EmployeesHost.IEmployeesQueryService">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="http://127.0.0.1:8733/Design_Time_Addresses/EmployeesHost/EmployeesQueryService/" />
          </baseAddresses>
        </host>
      </service>
    </services>
  </system.serviceModel>
  <appSettings>
    <add key="userName" value="your user name"/>
    <add key="password" value="your password"/>
  </appSettings>
</configuration>  

And the client configuration, binding configuration should like the service:

XML
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="DefaultBinding_IEmployeesQueryService">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <!--For basic http binding endpoint-->
      <endpoint address="http://127.0.0.1:12215/EmployeeQuery/"
                binding="basicHttpBinding" bindingConfiguration="DefaultBinding_IEmployeesQueryService"
                contract="IEmployeesQueryService" 
                name="DefaultBinding_IEmployeesQueryService_IEmployeesQueryService" />
    </client>
  </system.serviceModel>
  <appSettings>
    <add key="userName" value="your user name"/>
    <add key="password" value="your pass word"/>
  </appSettings>
</configuration> 

Notice

Our point is not building the WCF application, but how to configure the communication and build the Validator. I hope this page will be useful for you to build a WCF application with authentication.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)