This project is read-only.

If you are Using Username Authentication, use Membership Provider Instead of Custom Authentication

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

If you are using username authentication in WCF and your users are not in Active Directory, use a membership provider. Do not try to implement your own user authentication mechanism.

The membership feature is a good choice as it allows you to enable user name authentication without writing and maintaining custom code. The Membership Provider can be integrated into a WCF application to authenticate consumers of your service. Use a WCF binding that supports user name/password credentials, such as the wsHttpBinding and set the client credential type to UserName. Configure the membership provider in your configuration file to authenticate users against the membership store.

The following configuration snippet shows how to configure the username authentication with membership provider:
  1. Set the membership provider configuration
    <add name="MyLocalSQLServer"
         connectionString="Initial Catalog=aspnetdb;data source=;Integrated Security=SSPI;"/>


    <membership defaultProvider="MySqlMembershipProvider" >
        <add name="MySqlMembershipProvider"
             type="System.Web.Security.SqlMembershipProvider" />
  1. Set the client credentials to UserName
 <binding name="BindingConfiguration">
  <message clientCredentialType="UserName" />
  1. Set the Service Credentials configuration to use Membership Provider
  <behavior name="BehaviorConfiguration">
      <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
        membershipProviderName=" MySqlMembershipProvider " />

Last edited Jun 12, 2008 at 9:42 PM by prashantbansode, version 1


No comments yet.