WCF Services Sample: Authenticate Silverlight Client based on UserName and Password

In the <<WCF Sevices Sample>> series, I have gone through WCF service creation, hosting, transport protocol supporting. By now our service can be accessed by anyone from anywhere, because we did not authenticate the service caller.

The Windows Communication Foundation (WCF) provides many choice for us on service security. For more information about this subject, please refer to MSDN.

In this blog I'd like to talk about WCF service authentication based on username and password. I'd like to use the sample project as before.

1. Implement a Custom Validator Class

Right-click on the "ServiceHost" solution, Add New Project, select "Visual C#" as project type and "Class Library" as template, Input "WcfServiceAuthentication" as project name, then click "OK" button.

Under the "WcfServiceAuthentication" project, right-click on the "References", select "Add Reference...". Click ".Net" tab, select "System.IdentityModel" and "System.ServiceModel" then click "OK" button.

Rename the "Class1.cs" as "MyUserNamePasswordValidator.cs" and make it derived from "System.IdentityModel.Selectors.UserNamePasswordValidator". Next we need to implement the override Validate() method.

Let's take a look at the MyUserNamePasswordValidator class.

using System.IdentityModel.Selectors;

using System.ServiceModel;


namespace WcfServiceAuthentication
{
    public class MyUserNamePasswordValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            if (userName != "eric.yu" || password != "123456")
            {
                throw new FaultException("Invalid Username or Password");
            }
        }
    }
}

2. Config WCF Service with Security Enabled

Now let's turn to the Web.config of ServiceHost project.

Before we can config the service to use "MyUserNamePasswordValidator ", we should add reference to the "WcfServiceAuthentication" project in the ServiceHost project.

The Web.config updated looks like below.

    
      

        
          
        
        

          
            
            
          
        
      
        

    
      
        <!-- Service Endpoints --&gt
        
        

        

      
    

    

	
        

          
          

          
            
                                    userNamePasswordValidationMode="Custom"/>
          

        

      

    

  

3. Silverlight Client Code

In order to authenticate Silverlight client caller, we must transfer the username and password to the WCF service. The code looks like below:

HTTPS Scenario

EndpointAddress address = new EndpointAddress(");

BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
proxy = new Service1Client(binding, address);

proxy.ClientCredentials.UserName.UserName = "eric.yu";

proxy.ClientCredentials.UserName.Password = "123456";

HTTP Scenario

EndpointAddress address = new EndpointAddress(");


BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.None);

proxy = new Service1Client(binding, address);


proxy.ClientCredentials.UserName.UserName = "eric.yu";


proxy.ClientCredentials.UserName.Password = "123456";

4. Run the Application From VS2008

It's time to test our new application now. First we need to rebuild the solution, then update the service reference. If the service reference updated successfully, visit it from the web browser to confirm that it is activated.

Now Press F5 from VS2008, click "Call Service" button and see what will happen. There are 4 test cases:

1) HTTPS and Username/Password are correct;

2) HTTPS and Username/Password are not correct;

3) HTTP and Username/Password are correct;

4) HTTP and Username/Password are not correct;

The case 1) and 3) will return a message string, but the case 2) and 4) will return error message. That's what we expect.

Download the sample code here.

[@more@]