Geeks With Blogs
Nerdic Canvass Learn.Develop.Share

I thought twice before actually posting this. It was mostly because, of a guilt, that I might be recommending a wrong way of doing things. But then I did realize, that, even if it seems to wrong, it does provide some benefits. Anything that is beneficial, is not necessarily wrong.

The problem at hand is, we want to enable ASMX style Authentication in WCF. Its not that WCF does not do a good job when it comes to Security, but because people are more inclined to send the credentials in clear text. The WCF security model is much more elaborate and it goes a step further to ensure that, ASMX style credentials are really very difficult to implement. Any ways, rather than mandating about wrongs and rights, I would say, the reason migh be not appropriate but this is a important technique which can be utilized. So how do we do it.

Important Interfaces


IEndpointBehavior Interface

Implements methods that can be used to extend run-time behavior for an endpoint in either a service or client application.

IClientMessageInspector Interface

Defines a message inspector object that can be added to the MessageInspectors collection to view or modify messages.


IDispatchMessageInspector Interface

Defines the methods that enable custom inspection or modification of inbound and outbound application messages in service applications.

How does the three work together?

So behaviour is a way of extending an endpoint in WCF. When we try and communicate, with WCF, what it essentially does is, establishes two endpoints on either side, and takes care of sending the message{yes it is SOAP message oriented} from one end point to another. Which means if we add the Service Behaviour on both the side, then we can manipulate the messages before they are sent from one end point and like wise I can play around with the message after it has been recieved it at another endpoint.

That explains IEndpointBehaviorin some good light. What about the other two:
Well as you can guess from the names: IClientMessageInspector is when you can inspect and do something with the message at Endpoint at the client side.

Like wise IDispatchMessageInspector is when you can inspect and do something with the message at Endpoint at the server side.

Need a you have got one. Till then enjoy coding and do not make me the villian for showing you a wrong way of doing things. It might be that the example is weak but the technique is not. :)

Posted on Friday, November 6, 2009 5:49 PM WCF | Back to top

Comments on this post: ASMX Style Authentication in WCF Service

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © Sanket Naik | Powered by: