Validating Username, password and timestamp in WCF

-

 

Recently I have got an requirement which is to validate username, password and timestamp set in the message header in each call made to WCF.

Following is the solution I came Up with.

 

Validating Username and Password

 

Step 1:

Create a wshttpbinding and add the following configuration.

  1. <wsHttpBinding>
  2.     <binding name="wsHttpBinding" closeTimeout="00:00:10" openTimeout="00:00:10" receiveTimeout="00:00:10" sendTimeout="00:00:10">
  3.       <security mode="Message">
  4.         <message clientCredentialType="UserName" />
  5.       </security>
  6.     </binding>
  7.   </wsHttpBinding>

 

Step 2:

Create a custom username and password validator as below

  1. public class UserValidator : UserNamePasswordValidator
  2.   {
  3.       public override void Validate(string userName, string password)
  4.       {
  5.           if (null == userName || null == password)
  6.           {
  7.               throw new ArgumentNullException();
  8.           }
  9.  
  10.  
  11.           // your validation logic comes under here
  12.          if(!ValidateUser(userName,password))
  13.              throw new FaultException("Invalid username or password");
  14.  
  15.       }
  16.  
  17.      
  18.   }

 

Step 3

Add the following configuration section.

  1. <behaviors>
  2.   <serviceBehaviors>
  3.     <behavior name="ServiceBehavior">
  4.       <serviceMetadata httpGetEnabled="true" />
  5.       <serviceDebug includeExceptionDetailInFaults="false" />
  6.       <serviceCredentials>
  7.         <serviceCertificate findValue="0789B7C8F0018E869EA9DB95B208BFB0C3449A3D"
  8.           x509FindType="FindByThumbprint" />
  9.         <userNameAuthentication userNamePasswordValidationMode="Custom"
  10.           customUserNamePasswordValidatorType="WcfService.MobilityIntegrationService.UserValidator, WcfService.MobilityIntegrationService" />
  11.       </serviceCredentials>
  12.     </behavior>
  13.   </serviceBehaviors>
  14. </behaviors>

 

Validating Timestamp

  1. public class TimeStampValidator
  2.   {
  3.       public void ValidateTimeStamp()
  4.       {
  5.  
  6.           string ns = HybridConfig.GetAppSetting("MessageNamespace");
  7.           int timespanExpiry =-Convert.ToInt32( HybridConfig.GetAppSetting("TimestampExpiry"));
  8.           int i = OperationContext.Current.IncomingMessageHeaders.FindHeader("Timestamp", ns);
  9.  
  10.           //If timestamp is not set in the header
  11.           if(i==-1)
  12.                 throw new FaultException("Invalid Request.Timestamp is not set");
  13.           
  14.           string timestamp = OperationContext.Current.IncomingMessageHeaders.GetHeader<string>(i);
  15.  
  16.           //if timestamp header doesnot contain any data
  17.           if (string.IsNullOrEmpty(timestamp))
  18.               throw new FaultException("Invalid Request.Timestamp is not set");
  19.  
  20.           DateTime timeStampValue = Convert.ToDateTime(timestamp);
  21.  
  22.           if (DateTime.UtcNow.AddSeconds(timespanExpiry) > timeStampValue)
  23.                 throw new FaultException("Invalid Request.Timestamp is expired");
  24.  
  25.  
  26.          
  27.       }
  28.  
  29.       
  30.   }

 

Hope this would help.

Happy Coding !!!

Comments

  1. UnknownMarch 21, 2014 at 6:48 AM

    This is very immense information to the developers who are in the stage of beginning in website development.
    Responsive Web Design Companies | Web Designing Company Bangalore

    ReplyDelete
  2. Hannah JaneMarch 21, 2019 at 12:36 AM

    This comment has been removed by the author.

    ReplyDelete

Post a Comment

Popular posts from this blog

Responsive Web Design

-
Image
  What it is A web application developed based on the responsive web design concept will adopt the layout of the application based on the screen size and orientation. As the user switches from their laptop to iPad, the website should automatically switch to accommodate for resolution, image size and scripting abilities. In other words, the website should have the technology to automatically respond to the user’s preferences. This would eliminate the need for a different design and development phase for each new gadget on the market. When designing a web in responsive manner same HTML content will be maintained, but it will be viewed in different layouts when user switches among different browser sizes. In that way website can server the users by changing the layout of the content so user can view it in more user friendly manner, without too many scrolling. How the layout changes will be discussed under topic Design patterns   Pros Increasing your reach to tablet and ...
Read more

Contract First Development in WCF 4.5

-
Image
WCF 4.5 supports contract first development. Means it allows to create all the data contract classes can be auto generated using the WSDL. one of the advantage in using the is if we start developing the service from the data contracts & then generating the WSDL we might end up in creating from data contracts with .net specific data types. But when using contract first development as WSDL is xml based only xml based data types are allowed to create so no .net specific contract will be created. This feature can be very useful when WSDL file is produced through design phase either by a solution architect or through mutual parties that agree on a contract prior to development and build phases.  When this is the case, either the contract can be created for a future service implementation or contracts can be created so that developers can begin coding for the client side of an interface prior to the endpoint being available. The contract-first tool is integrated into Visual Studio 2...
Read more

Affine Cipher in C#

-
Image
  The affine cipher is a type of monoalphabetic substitution cipher , wherein each letter in an alphabet is mapped to its numeric equivalent, encrypted using a simple mathematical function, and converted back to a letter. The formula used means that each letter encrypts to one other letter, and back again, meaning the cipher is essentially a standard substitution cipher with a rule governing which letter goes to which. As such, it has the weaknesses of all substitution ciphers. Each letter is enciphered with the function , where is the magnitude of the shift. For more information on affine cipher visit here Following code is written in c# which has the affine cipher algorithm   public static string AffineEncrypt( string plainText, int a, int b) {      string cipherText = "" ;        // Put Plain Text (all capitals) into Character Array      char [] chars = plainText.ToUpper().ToCharArray();        // Compute e(x) = (ax + b)(mod m) ...
Read more