wcf-security

I've got a simple client-server application based on TcpClient/TcpListener and SslStream. Clients can authenticate themselves to the server using a X509Certificate or by sending a user name and password after the SslStream has been established. WCF makes use of the System.IdentityModel namespace for authentication purposes, but apparently that can be used in arbitrary applications--which sounds interesting. Information on how to do this is sparse though (or my Google foo is weak today). So, my question is: What do I need to do to integrate System.IdentityModel with my application? I'm not sure

Is there a way to use the same username and password from the membership provider for a WCF service authentication? if so, which binding does it supports? I need to extract a profile variable from the user currently calling the service. Thanks for any help. Basically any binding that accepts username/password as client credentials for message security can be configured to use the ASP.NET membership provider. Check out this MSDN docs on how to use the ASP.NET Membership provider in WCF - you need to configure your binding for client credentials of type "UserName" <bindings> <wsHttpBinding> <!--

I created a proxy of a Web Service with Visual Studio 2008, and it created for me the following entry in the app.config: <system.serviceModel> <bindings> <basicHttpBinding> <binding name="MyNameHandlerSoapBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32"

i create a wcf service and hosted it on windows azure. The wcf service is a https one. When ever i call the service the client needs a certificate to verify its authenticity. When i type the service url on broswer it asks for a verifying certificate and the serivce runs. So far so good. Now i need to access the same service in an MVC 4 application. So i made a simple ajax call. <script> $(document).ready(function () { $("#GetAdjustedSalary").click(function () { var salary = parseFloat($("#salary").val()); var infalation = parseFloat($("#inflation").val()); $.ajax({ url: "https://newtonsheikh

I'm using a custom UserNamePasswordValidator, which instantiates and logs in to our internal API. This API exposes an event that's fired when the user is "kicked" (by another administrative user), and I'd like to respond to this by killing the WCF session, so that further calls throw an exception. How do I go about doing this? My WCF service is hosted in a Windows service (not IIS). Instantiating and logging in to the internal API takes quite a long time, so I can't do it on every service call. If you expect that service will authenticate each user call with user name and password than you can

Related to this question , I'm instantiating a connection to our internal API inside my custom UserNamePasswordValidator. Can I stash this somewhere so that I can use it in future calls in that user's session? This is similar to this question , but I'm not using IIS, so I can't use HttpContext.Current (or can I?). Update: Some context: our internal API is exposed via a COM object, which exposes a Login method. Rather than have a Login method in my service interface, I've got a custom UserNamePasswordValidator , which calls the Login method on the COM object. Because instantiating the COM