Limiting access to a WCF REST (webHttpBinding) Service using the ASP.NET Membership Provider?

Asked 26/1, 2009 at 19:49 Answered 26/1, 2009 at 22:48

Solved asp.net wcf web-services rest webhttpbinding

I have found a lot of material on the web about using the ASP.NET Membership Provider with the wsHttpBindings, but I haven't seen any reference to using it with webHttpBindings.

I am looking for a system that will work in two scenarios:

The user is logged into an asp.net website and the website is making calls to the service.
The user accesses the service directly via REST.

Is this possible using the built in framework (i.e. just through configuration)? If so how do I configure the service? And how does the user pass the credentials to the REST service?

Poff answered 26/1, 2009 at 19:49 Comment(0)

The best source I've found is here: http://www.leastprivilege.com/FinallyUsernamesOverTransportAuthenticationInWCF.aspx

The site also has tons of other information about setting up HTTP Modules to handle basic authentication (which I'm guessing you'll be using since it is kind of the standard).

The HTTP Module authentication method is located on Codeplex with sample code and everything here: http://www.codeplex.com/CustomBasicAuth

Tentacle answered 26/1, 2009 at 22:48 Comment(1)

Could you please answer #9584698 ? – Sawn 6/3, 2012 at 13:8

ADO.NET Data Services you mean?

You can build a QueryInterceptor for an entity and limit the access to it. For example:

    [QueryInterceptor("foo_entity")]
    public Expression<Func<foo_entity, bool>> FilterMembership()
    {
        MembershipUser user = Membership.GetUser();
        Guid userGuid = (Guid)user.ProviderUserKey;
        return c => c.UserId == userGuid;
    }

Searcy answered 26/1, 2009 at 20:6 Comment(0)

Recommended topics

Hot tags