wcf-security

I have a WCF service which needs to be called from client side(ajax call). I want to use ScriptManager on ASPX page to add a ServiceReference to the WCF service (or) JQuery ajax call to the WCF service. I want to deny anonymous users accessing the WCF service. Is there any way to do user authentication before calling a service method from JavaScript? how to secure my WCF service calls from client side? There are a number of things you can do to secure your WCF services. Probably the easiest way is if your services are already part of the existing overall ASP.NET application is to enable ASP

I have WPF client consuming WCF service hosted in IIS. For authentication I am thinking of either certificate or user name authentication. Client calls couple of methods in WCF and passes some message. For every call that comes to WCF, I want to authenticate the user. To place message in db, I have to know who is the caller, what is their username and few other properties about the user. How to pass these info[may be a small object] on every call? This is the recommended default behavior - each call to the WCF service gets a new instance of the service, and each call is authenticated and

I am trying to work out why attribute based security isn't working as I'd expect in WCF and I suspect it might have something to do with the following: AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); var identity = new WindowsIdentity("ksarfo"); var principal = new WindowsPrincipal(identity); Console.WriteLine("\nChecking whether current user [" + identity.Name + "] is member of [" + groupName + "]"); Console.WriteLine(principal.IsInRole(groupName)); // returns true principal = (WindowsPrincipal)Thread.CurrentPrincipal; identity = (WindowsIdentity) principal

I am trying to do some basic authentication in a WCF RequestInterceptor. I am using this article as a start. The problem I am running into is communicating between the interceptor and the service. Nothing I have tried seems to work. So far, I have tried: OperationContext.Current requestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name]["foo"] = value HttpContext.Current.Request But no matter what I set, I can't seem to access it in the service behavior itself: [AspNetCompatibilityRequirements( RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed )] [ServiceBehavior(

My question is in regards to the best (aka "least painful") way to secure access to a WCF service that is only exposed to our company's internal users. The goal is to ensure that the service is only accessed via a single Windows forms application that each of our users has installed. When the service is called, I want the service to be able to validate that it was called from the permitted application. The service to be secured uses basicHttpBinding, which supports streaming, so I believe I am limited to Transport level security. Below are simplified versions of the <bindings> and <services>