C
Curt K
I have been successful consuming a WCF 3.0 service from a 2.0 client. I
would like to embed a token (GUID as string) in the header so I can check
the
token with a session on the server side.
We have a requirement to run on Windows 2000 professional so we have to use
a .net 2.0 client (WCF basicHttpBinding). Changing the server or the client
to make this work is no problem so I do
not have the requirement of changing only the client.
I have a server side authenticate operation that has username and password
params, which returns a token if authenticated, this process starts a very
light weight client side session. I do NOT want to have the token on every
exposed contract method so a SOAP header is the answer.
Now what I want to do is pass this token in the SOAP header with every call
from the client to the server, extract it from the header on the server and
do a security check to ensure the method they have called is accessible by
the client (the client the token belongs to).
I have found a way to extract (or add as far as that goes) the header on the
server, here's some example
code:
int index =
OperationContext.Current.IncomingMessageHeaders.FindHeader("token", "");
string token =
OperationContext.Current.IncomingMessageHeaders.GetHeader<string>(index);
What I do not know how to do is create a 2.0 client that can see this token.
I am familiar with the ASP.Net 1.1 way of creating a soap header.
Any examples out there?
thanks in advance,
Curt
would like to embed a token (GUID as string) in the header so I can check
the
token with a session on the server side.
We have a requirement to run on Windows 2000 professional so we have to use
a .net 2.0 client (WCF basicHttpBinding). Changing the server or the client
to make this work is no problem so I do
not have the requirement of changing only the client.
I have a server side authenticate operation that has username and password
params, which returns a token if authenticated, this process starts a very
light weight client side session. I do NOT want to have the token on every
exposed contract method so a SOAP header is the answer.
Now what I want to do is pass this token in the SOAP header with every call
from the client to the server, extract it from the header on the server and
do a security check to ensure the method they have called is accessible by
the client (the client the token belongs to).
I have found a way to extract (or add as far as that goes) the header on the
server, here's some example
code:
int index =
OperationContext.Current.IncomingMessageHeaders.FindHeader("token", "");
string token =
OperationContext.Current.IncomingMessageHeaders.GetHeader<string>(index);
What I do not know how to do is create a 2.0 client that can see this token.
I am familiar with the ASP.Net 1.1 way of creating a soap header.
Any examples out there?
thanks in advance,
Curt