WCF Custom username validator is not working

Question

1.22/5 (2 votes)

See more:

Hi Team,
I am developing a sample WCF service with security, as i am new to WCF i just to establish a connection through username and password(Note: no need of SSL certificate).

I am using the following code,

In service the code is

The interface contains the code,

C#

namespace WcfService
{
   [ServiceContract]
    public interface IWcfService
    {
        [OperationContract]
        string GetData();
    }
}

the inherited class has

C#

namespace WcfService
{
    public class WcfService : IWcfService
    {
        public string GetData()
        {
            return "Sample Service";
        }
    }

    public class CustomValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            if (userName == "manikandan" && password == "manikandan")
            {

            }
            else
            {

            }
        }
    }

}

The web.config in the service is

XML

<system.serviceModel>
        <services>
            <service behaviorConfiguration="WcfService.WcfServiceBehavior" name="WcfService.WcfService">
                <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" contract="WcfService.IWcfService">
                    <identity>
                        <dns value="localhost"/>
                    </identity>
                </endpoint>
                <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
            </service>
        </services>
        <behaviors>
            <serviceBehaviors>
                <behavior name="WcfService.WcfServiceBehavior">
                    <serviceMetadata httpGetEnabled="true"/>
                    <serviceDebug includeExceptionDetailInFaults="false"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>
    <bindings>
      <basicHttpBinding>
        <binding name="MyBinding">
          <security mode="None">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    </system.serviceModel>

And i am consuming the service in the web application as follows,
I am just adding the service reference and invoke the service using the following code,

ServiceReference1.WcfServiceClient client = new WcfServiceClient();
        client.ClientCredentials.UserName.UserName = "manikandan";
        client.ClientCredentials.UserName.Password = "manikandan";
        string state= client.State.ToString();
        string val= client.GetData();
        txtEmpId.Text = val;

where ServiceReference1 is the name for my service

Could you guys see the code and tell me what mistake i made, i placed debugger on every method, the CustomValidator is not firing, so it is not authenticated. How can i secure it, with just username and password without certificate.
Thanks in advance.

Posted 25-Jul-13 1:19am

Manikandan Sekar

Updated 25-Jul-13 1:22am

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Answer 1 · 2013-07-25T18:41:00

The whole idea is wrong. Hard-coding a password simply makes no sense and is totally unsafe. More generally, storing passwords anywhere is unsafe. This is not how password-based security works. If you think that comparing with a password is needed for authentication, think again. Absolutely not.

Surprised? Disagree? Then please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^].

Good luck,

—SA