Wednesday, March 12, 2014

Validating Username, Password and Timestamp in WCF

 

Recently I got a requirement to validate the username, password and timestamp set in the message header on each call made to WCF.

The following is the solution I came up with.

 

Validating Username and Password

 

Step 1:

Create a wsHttpBinding and add the following configuration.

    <wsHttpBinding>
      <binding name="wsHttpBinding" closeTimeout="00:00:10" openTimeout="00:00:10" receiveTimeout="00:00:10" sendTimeout="00:00:10">
        <security mode="Message">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>

 

Step 2:

Create a custom username and password validator as below:

    using System;
    using System.IdentityModel.Selectors;
    using System.ServiceModel;

    public class UserValidator : UserNamePasswordValidator
    {
        // Called by WCF to validate the UserName credentials presented by the client.
        public override void Validate(string userName, string password)
        {
            if (null == userName || null == password)
            {
                throw new ArgumentNullException();
            }

            // Your validation logic goes here. ValidateUser is your own
            // credential check and is not shown in this post.
            if (!ValidateUser(userName, password))
                throw new FaultException("Invalid username or password");
        }
    }

 

Step 3:

Add the following configuration section.

    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <serviceCertificate findValue="0789B7C8F0018E869EA9DB95B208BFB0C3449A3D"
              x509FindType="FindByThumbprint" />
            <userNameAuthentication userNamePasswordValidationMode="Custom"
              customUserNamePasswordValidatorType="WcfService.MobilityIntegrationService.UserValidator, WcfService.MobilityIntegrationService" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

 

Validating Timestamp

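    using System;
    using System.Globalization;
    using System.ServiceModel;

    public class TimeStampValidator
    {
        public void ValidateTimeStamp()
        {
            // HybridConfig is the project's own configuration helper (not shown here).
            string ns = HybridConfig.GetAppSetting("MessageNamespace");
            // Expiry window, negated so it can be passed to AddSeconds below.
            int timespanExpiry = -Convert.ToInt32(HybridConfig.GetAppSetting("TimestampExpiry"));
            int i = OperationContext.Current.IncomingMessageHeaders.FindHeader("Timestamp", ns);

            // If the timestamp is not set in the header
            if (i == -1)
                throw new FaultException("Invalid Request.Timestamp is not set");

            string timestamp = OperationContext.Current.IncomingMessageHeaders.GetHeader<string>(i);

            // If the timestamp header does not contain any data
            if (string.IsNullOrEmpty(timestamp))
                throw new FaultException("Invalid Request.Timestamp is not set");

            // Parse as UTC so the comparison with DateTime.UtcNow is like-for-like.
            // Convert.ToDateTime would use the current culture, could return a
            // local-time value, and would throw FormatException on malformed input.
            DateTime timeStampValue;
            if (!DateTime.TryParse(timestamp, CultureInfo.InvariantCulture,
                    DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out timeStampValue))
                throw new FaultException("Invalid Request.Timestamp is not valid");

            if (DateTime.UtcNow.AddSeconds(timespanExpiry) > timeStampValue)
                throw new FaultException("Invalid Request.Timestamp is expired");
        }
    }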
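The check above accepts any timestamp newer than the expiry cutoff, including one set far in the future, and the post does not show where ValidateTimeStamp is called. As an added example (not the author's code), the following runs the check from a WCF message inspector on every incoming request and bounds the timestamp on both sides. The class names, the header namespace, the accepted timestamp format and the window sizes are assumptions.

```csharp
using System;
using System.Globalization;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Added example; class names, namespace and window sizes are assumptions.
public class TimestampInspector : IDispatchMessageInspector
{
    const string HeaderNs = "urn:example:headers";                 // placeholder namespace
    static readonly TimeSpan MaxAge = TimeSpan.FromSeconds(300);   // assumed expiry window
    static readonly TimeSpan MaxSkew = TimeSpan.FromSeconds(30);   // assumed clock skew allowance

    // Pure check, kept separate so it can be unit-tested without a WCF host.
    public static bool IsFresh(string raw, DateTime nowUtc)
    {
        DateTime ts;
        if (!DateTime.TryParseExact(raw, "yyyy-MM-dd'T'HH:mm:ss'Z'",
                CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out ts))
            return false;   // null, empty, malformed, or not in the one accepted UTC format
        return ts >= nowUtc - MaxAge && ts <= nowUtc + MaxSkew;
    }

    public object AfterReceiveRequest(ref Message request, IClientChannel channel,
        InstanceContext instanceContext)
    {
        int i = request.Headers.FindHeader("Timestamp", HeaderNs);
        if (i == -1 || !IsFresh(request.Headers.GetHeader<string>(i), DateTime.UtcNow))
            throw new FaultException("Invalid Request. Timestamp is missing, malformed or outside the window");
        return null;
    }

    public void BeforeSendReply(ref Message reply, object correlationState) { }
}

// Attaches the inspector to an endpoint so the check runs before any operation.
public class TimestampBehavior : IEndpointBehavior
{
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher dispatcher)
    {
        dispatcher.DispatchRuntime.MessageInspectors.Add(new TimestampInspector());
    }
    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection p) { }
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```

Add a TimestampBehavior instance to the service endpoint's Behaviors collection before the host opens. The window limits how long a captured request stays acceptable; it does not detect a replay inside the window.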

 

Hope this helps.

Happy Coding !!!

1 comment :

  1. This is very immense information to the developers who are in the stage of beginning in website development.