I need some help with the architechture of a WCF application. The will be a number of services that should be available to serve a number of different clients, e.g.
- ASP.Net application (JavaScript and/or Silverlight)
- iPhone
- Windows Mobile
- Android
Some of the services need authentication and some will be available w/o authentication.
I need some advice on the services that need authentication, I want to use username/password credentials over SSL.
How (if possible/recommended for all the client types) should I design this in WCF?
You can (and should) decouple Authentication from service implementation so that you can vary these independently. This is possible by implementing (or reusing) a ServiceAuthorizationManager.
The nice thing about these is that they can be defined in .config and you can code your entire service without knowing anything about how the user authenticated.
If you need to know more about the user, you can use Thread.CurrentPrincipal.
To implement username/password validation, implement a UserNamePasswordValidator.
来源:https://stackoverflow.com/questions/2064191/architechture-of-service-application-in-wcf