About two weeks ago I published on CodeProject.com the article called WCF Client Server Application with Custom Authentication, Authorization, Encryption and Compression.
It offers solution to this complex situation (very unlikely that you’ll have all these constraints):
- Client-server application – http protocol – NO IIS
- Authentication – user/password from a database – NO SSL/X509 certificate
- Authorization – roles from a database
- Encryption for the credentials (with option for the entire request/response)
- Compression for both the request and response.
It is in 2 parts, part 1 contains the logic, considerations about WCF and security, how to use the code. The second part contains explanations about the implementation.
I was surprised by the large numbers of views (more than 15.000), because there are few WCF readers compared with ASP.NET readers for example (this can be seen extremely well in the percentage of WCF monthly published articles on codeproject – about 1%). Probably a big contribution had the fact that the article quickly became first on google and bing searches for wcf client server keywords (though I don’t know how long it will stay there).
Hence, the article had more than 60 codeproject bookmarks and more than 20 comments – most of the comments praising the organization and the explanations. And it ranked 5 (so far) in March popularity top (from about 400 articles).
I'm sure that 90% of the people that read this article won't use it in this form (all things combined together); some will use only the custom authentication/authorization; some the encryption and some the compression - as starting examples for their specific projects.