Plain-Text Username Password Authentification with WCF


If you got it, it’s easy. If you’re starting from scratch it ain’t as easy. We were in need of such a Username+Password Authentification so I started googling around.

I found several articles but had to mash it all together in a trial-and-error session. Now that I am enlightened I want to share my knowledge:

Step 1: Implement an UserNamePasswordValidator class and override the Validate method.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IdentityModel.Tokens;
using System.IdentityModel.Selectors;

namespace sones.Pandora.Database.Hosting
{
    public class UserNamePasswordAuthentification: UserNamePasswordValidator
    {

        public override void Validate(string userName, string password)
        {
            if ((userName != "Username") || (password != "Password"))
            {
                throw new SecurityTokenException("Validation Failed!");
            }
        }
    }
}

Step 2: Edit the App.config file to enable the previously implemented UsernamePasswordValidator.

    <bindings>
      <basicHttpBinding>
        <binding name="CustomAuthentication">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" proxyCredentialType="Basic"/>
          security>
        binding>
      basicHttpBinding>
    bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="SecurityBehavior">
          <serviceCredentials>
            <userNameAuthentication
            userNamePasswordValidationMode="Custom"
            customUserNamePasswordValidatorType="sones.Pandora.Database.Hosting.UserNamePasswordAuthentification, PandoraDB_WebServiceHost_UsernamePasswordAuth"/>
          serviceCredentials>
        behavior>
      serviceBehaviors>
    behaviors>
    <services>
      <service behaviorConfiguration="SecurityBehavior" name="sones.Pandora.Database.Hosting.PandoraDatabaseHost">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="CustomAuthentication"
          name="ep1" contract="sones.Pandora.Database.Hosting.IPandoraDatabaseHost" />
      service>
    services>

In this example the ServiceHost will use no server SSL certificate and therefor allow normal http access instead of just using https ssl. You can configure that behavior with the <security mode=”TransportCredentialOnly”> line. Just change there and define an apropriate certificate and you’re good to go with https / ssl.