authentication - WCF services: passing a token to validate a subscription and get database info -

-

I am creating a smart client application using the net client. A Winforms client connecting through WCF services to recover data from SQL Server 2008. I will send the username / password (encrypted and on HTTPS) and return information such as:

  • This user (under the current address
  • Which server / database should be used in the connection string (not necessarily credentials) because people use different databases based on their subscriptions, etc. You can.

My first call is to send credentials when signing in, which is a lookup. A serigojable class will be used to create the token object (I think this is the way to handle it) which ends with server information, Database information will return.

Pass this token as a parameter for every service agreement (web method) or can I leave all my existing contracts Can I pass the token in a header or any other more universal method?

How do you suggest implementing a token system such as I describe?

< P> Thanks

For one, I only have one TokenID - something specific ID, which clearly identifies the problem of users and their membership - all the time with the "Authentication" call notification There is no need to send the entire set back and forth - only the server side needs the service, so you can leave that information on the server and only if necessary, only consult it in your server code.

First call - Authentication call - Probably will check the credential being sent against the database table against a subscription table, and then after that information (which call on which call will be subscribed And possibly some kind of expiration date / time in a "Valid Collars" table and an ID (a GUID or something) from it. You may limit the "life-span" of TokenID - e.g. It is valid for 30 minutes or more - so that it can not be used continuously after hijacking and successful calls. The generated GUID is then returned from the authentication call as TokenID and can be used as an identifier in each subsequent call.

Things that use the data server are actually no places in the back and forth messages - they are strictly important for the server-side service code - just leave it!

There is definitely a favorite practice to put such a "meta information" that does not have real value information for your calls in the header and search for it there. With the Message Inspector (and) or both - using the OperationContactescope (sample and) on the client and service side - WCF supports it fairly and easily. Both work are fine


Comments

Post a Comment

Popular posts from this blog

oracle - The fastest way to check if some records in a database table? -

-
I have a big table to work with. I have to see that there are some records whose parent_id is equal to my passing value. Currently I do this by implementing "my_table using select count (*) where parent_id =: id"; If the result> 0, it means that they exist. Because this is a very large table, and I do not care what the actual number of records present, I just want to know if it exists, so I think count (*) Bit is disabled. How do I apply this requirement most quickly? I'm using Oracle 10. # Tips for Hibernation & amp; Tricks It suggests writing in such a way: Integer number = (integer) session .createQuery ("Select Count (*) to ...."). UniqueResult (); I do not know what is the magic of the unique rule? Why does it fast? To compare, select "1 from mytable where parent_id = passId and rowrum", which is more efficient? If you are not interested in the number of records, then there is an EXISTS query one: Select 'y'
Read more

php - multilevel menu with multilevel array -

-
Just ask someone to solve this problem? I want to create a multilevel menu I can not find the right solution generated with multilevel array, it always gets an array_push error My study came from the original idea But still my Can not match the need. This is my MySQL [code] ----- --------------------- --------------- | ID | PARENT_ID | Name | Link | Seq | 1 | 0 | Dashboad | Dashboard / | 1 | 2 | 0 | Menu 1 | Menu 1 / | 2 | 3 | 0 | Menu 2 | Menu 2 / | 3 | 4 | 0 | Menu 3 | Menu 3 / | 4 | 5 | 2 | Joint Add / | 1 | 6 | 3 | Joint Add / | 1 | 7 | 2 | Edit | Edit / | 2 | 8 | 4 | Joint Add / | 1 ------------------------------------------ [/ Code] I want to do something like this in my array array ('dashboard' = & gt; array ('id' = & gt; '' 'Dame' = & gt; 'Dashboard', 'Title' = & gt; 'Dashboard', 'MatchMin' = & gt; Base_URL (). 'Dashboard /', 'Active' => = & Gt; NULL), &
Read more

jQuery UI: Datepicker month format -

-
I am trying to change the format of the month that shows in the popup (not in the date that the picker actually I do not have any choice anywhere to do this, do I like to use a sub-string () or something else? What I normally display is Trying to change: Class = "ui-datepicker-title"> January & lt; / span & gt; ... & lt; / div & gt; Div>
Read more