WCF: Authentication Service or token-based security?

Question

There\'s a Dynamic CRM instance on a server (\"on-premises\"). It will be used by a few sites that run on distant machines (another domain,

Answer 1

For the question above the preivous answer is good enough. However, I want to suggest another approach: Custom Token Authentication.

It is more poweful by giving a possibility to create/support Custom Service Credentials which are created based on the authentification token (UserName).

In my case I have encrypted access token which holds all needed information for the access: user name, user groups (authorization information), validation period, ect.

In your case it can be UserName & Password. The Credential will hold the information about your user and can be used later on in the code.

See the following link for implementing Custom Token Authentication: https://docs.microsoft.com/en-us/dotnet/framework/wcf/samples/token-authenticator