WCF how to pass token for authentication?
I have a WCF service which would like to support basicHttpBinding and webHttpBinding. When the client successfully login, server will generate a token for client to pass to server on all the request make later. Question is how the client can pass the token to server? I don't want to add an extra parameter on every web method to hold the token.
Answer
Typically, the best way to do something like this is passing such "meta-information" in a WCF header. You can easily create a message inspector to extend WCF (it's really not that scary and hard to do!) which would inject the token into every outgoing request from the client, and retrieve it from the header and validate it on the server side.
There are a number of pretty good blog post out there showing you how to create a message inspector:
- Richard Hallgren's WCF postings
- Writing a WCF message inspector
- Automatic Culture Flowing with WCF by using Custom Behaviour
Check out the two relevant interfaces to implement:
- IClientMessageInspector on the client side, which has a
BeforeSendRequestandAfterReceiveReplymessage to implement - IDispatchMessageInspector on the server side, which has a
AfterReceiveRequestandBeforeSendReplymethod to implement