开发者

Use custom UserNamePasswordValidator or custom Membership Provider

I’m adding authentication for my WCF services, and I’m looking at the UserNamePasswordValidator and the Membership Provider, for me it seems like they do the same, but you g开发者_如何转开发et a lot more user function when using the Membership Provider. Since I only need the user/password authentication, my DB has all the user and role data, I was just thinking of making a custom UserNamePasswordValidator and use this in the service. Does anyone have some pros/cons on which to use in WCf for authentication?

Another thing I’m wondering, since passing ClientCredentials in WCF requires HTTPS, how do you debug the application without getting an exception the authentication?

Thanks for help :)


Both UserNamePasswordValidator and MembershipProvider perform the same thing - they validate user credentials. The difference is only in approach you choose. Membership provider is supported to allow same authentication as used in hosting web application.

You will have another problem. You have mentioned roles. Neither password validator or membership provider deals with them so creating custom password validator will not allow you assigning roles to current identity. It is responsibility of different component in WCF engine - AuthorizationPolicy as well as in ASP.NET pipeline - RoleProvider. WCF allows you using ASP.NET RoleProvider or create cutom authorization.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜