Validating Username, password and timestamp in WCF

 

Recently I have got an requirement which is to validate username, password and timestamp set in the message header in each call made to WCF.

Following is the solution I came Up with.

 

Validating Username and Password

 

Step 1:

Create a wshttpbinding and add the following configuration.

  1. <wsHttpBinding>
  2.     <binding name="wsHttpBinding" closeTimeout="00:00:10" openTimeout="00:00:10" receiveTimeout="00:00:10" sendTimeout="00:00:10">
  3.       <security mode="Message">
  4.         <message clientCredentialType="UserName" />
  5.       </security>
  6.     </binding>
  7.   </wsHttpBinding>

 

Step 2:

Create a custom username and password validator as below

  1. public class UserValidator : UserNamePasswordValidator
  2.   {
  3.       public override void Validate(string userName, string password)
  4.       {
  5.           if (null == userName || null == password)
  6.           {
  7.               throw new ArgumentNullException();
  8.           }
  9.  
  10.  
  11.           // your validation logic comes under here
  12.          if(!ValidateUser(userName,password))
  13.              throw new FaultException("Invalid username or password");
  14.  
  15.       }
  16.  
  17.      
  18.   }

 

Step 3

Add the following configuration section.

  1. <behaviors>
  2.   <serviceBehaviors>
  3.     <behavior name="ServiceBehavior">
  4.       <serviceMetadata httpGetEnabled="true" />
  5.       <serviceDebug includeExceptionDetailInFaults="false" />
  6.       <serviceCredentials>
  7.         <serviceCertificate findValue="0789B7C8F0018E869EA9DB95B208BFB0C3449A3D"
  8.           x509FindType="FindByThumbprint" />
  9.         <userNameAuthentication userNamePasswordValidationMode="Custom"
  10.           customUserNamePasswordValidatorType="WcfService.MobilityIntegrationService.UserValidator, WcfService.MobilityIntegrationService" />
  11.       </serviceCredentials>
  12.     </behavior>
  13.   </serviceBehaviors>
  14. </behaviors>

 

Validating Timestamp

  1. public class TimeStampValidator
  2.   {
  3.       public void ValidateTimeStamp()
  4.       {
  5.  
  6.           string ns = HybridConfig.GetAppSetting("MessageNamespace");
  7.           int timespanExpiry =-Convert.ToInt32( HybridConfig.GetAppSetting("TimestampExpiry"));
  8.           int i = OperationContext.Current.IncomingMessageHeaders.FindHeader("Timestamp", ns);
  9.  
  10.           //If timestamp is not set in the header
  11.           if(i==-1)
  12.                 throw new FaultException("Invalid Request.Timestamp is not set");
  13.           
  14.           string timestamp = OperationContext.Current.IncomingMessageHeaders.GetHeader<string>(i);
  15.  
  16.           //if timestamp header doesnot contain any data
  17.           if (string.IsNullOrEmpty(timestamp))
  18.               throw new FaultException("Invalid Request.Timestamp is not set");
  19.  
  20.           DateTime timeStampValue = Convert.ToDateTime(timestamp);
  21.  
  22.           if (DateTime.UtcNow.AddSeconds(timespanExpiry) > timeStampValue)
  23.                 throw new FaultException("Invalid Request.Timestamp is expired");
  24.  
  25.  
  26.          
  27.       }
  28.  
  29.       
  30.   }

 

Hope this would help.

Happy Coding !!!

Comments

  1. This is very immense information to the developers who are in the stage of beginning in website development.
    Responsive Web Design Companies | Web Designing Company Bangalore

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete

Post a Comment

Popular posts from this blog

Responsive Web Design

Affine Cipher in C#

Contract First Development in WCF 4.5