CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 8 of 8
  1. #1
    Join Date
    Sep 2012
    Posts
    5

    Smile WCF Custom User Name Password Validator to read from Database

    I am using a Custom User Name Password Validator in my WCF Service. It works if I hard code the username and password in the validator function, but , I am trying to have my WCF service to validate username and password against those stored in my database, and that part does not work.
    Can some one please let me know if I am supposed to do something else to make it validate against credentials stored in the DB. I have tested the entire database connection and reader related code in the client application and it works. It does not work when I use it in the WCF service.

    Thank you for your help.
    Here is my code:

    Code:
    class CustomUserNamePassValidator : System.IdentityModel.Selectors.UserNamePasswordValidator
        {
            public override void Validate(string userName, string password)        
            {
                string MyUser = "";
                string MyPass = "";
    
                string connectionString = "Initial Catalog=MyDB;Data Source=MyServer;Integrated Security=SSPI";
                SqlConnection MyConnection = new SqlConnection(connectionString);
                try
                {
                    using (MyConnection)
                    {
                        SqlCommand command = new SqlCommand("Exec MyDB.dbo.GetCredentials", MyConnection);
                        MyConnection.Open();
                        SqlDataReader MyReader = command.ExecuteReader();
                        if (MyReader.HasRows)
                        {
                            while (MyReader.Read())
                            {
                                MyUser = MyReader["UserName"].ToString();
                                MyPass = MyReader["Passwrd"].ToString();
                            }
                        }
    
                        MyReader.Close();
                    }
                }
                catch (Exception exp)
                {
                    MyFaultException theFault = new MyFaultException();
                    theFault.Reason = "Database Connection Error: " + exp.Message.ToString();
                    throw new FaultException<MyFaultException>(theFault);
                }
    
                if (userName == null || password == null)
                {
                    throw new SecurityTokenException("security Error: No Credentials Passed");                           
                }
    
                if (userName != MyUser && password != MyPass)
                {
                    throw new SecurityTokenException("security Error: Wrong Credentials Passed");
                }
    
                 //It works if I do it this way
                //if (!(userName == "MyUser" && password == "MyPass"))
                //{
                //    throw new SecurityTokenException("security Error: Wrong Credentials Passed");
                //}
    
                
            }

  2. #2
    Join Date
    Apr 2002
    Location
    Egypt
    Posts
    2,210

    Re: WCF Custom User Name Password Validator to read from Database

    Something is wrong with the logic. you don't pass the username and password to MyDB.dbo.GetCredentials and seems that it returns all the records which is not a good implementation. The performance will be poor.
    Regardless of the performance issue, the variables MyUser and MyPass are overwritten inside the while loop. So if you have multiple records in the database, you're always checking against the last record.
    Try to debug and inspect the values before the check : if (userName != MyUser && password != MyPass).
    Hesham A. Amin
    My blog , Articles


    <a rel=https://twitter.com/HeshamAmin" border="0" /> @HeshamAmin

  3. #3
    Arjay's Avatar
    Arjay is offline Moderator / EX MS MVP Power Poster
    Join Date
    Aug 2004
    Posts
    13,490

    Re: WCF Custom User Name Password Validator to read from Database

    What account is the wcf service running under? Since you are using integrated security to open the database, you'll need to grant the wcf service account access to the database.

  4. #4
    Join Date
    Sep 2012
    Posts
    5

    Re: WCF Custom User Name Password Validator to read from Database

    Arjay

    What account is the wcf service running under? Since you are using integrated security to open the database, you'll need to grant the wcf service account access to the database.
    The sql that this code is running will only return one row with a username and password.
    Your suggestion makes perfect sense to me. In production, the WCF will be running under a service account, but I am still working in development environment. How can I make the web service work as my windows account? I can access the database using windows authentication.

    Thank you.

  5. #5
    Arjay's Avatar
    Arjay is offline Moderator / EX MS MVP Power Poster
    Join Date
    Aug 2004
    Posts
    13,490

    Re: WCF Custom User Name Password Validator to read from Database

    Quote Originally Posted by VKDD View Post
    The sql that this code is running will only return one row with a username and password.
    Your suggestion makes perfect sense to me. In production, the WCF will be running under a service account, but I am still working in development environment. How can I make the web service work as my windows account? I can access the database using windows authentication.

    Thank you.
    How are you hosting the WCF service? Under IIS, in a Windows Service, or something else?

  6. #6
    Join Date
    Sep 2012
    Posts
    5

    Re: WCF Custom User Name Password Validator to read from Database

    Hosting in IIS using service.svc file.

    Thanks.

  7. #7
    Arjay's Avatar
    Arjay is offline Moderator / EX MS MVP Power Poster
    Join Date
    Aug 2004
    Posts
    13,490

    Re: WCF Custom User Name Password Validator to read from Database

    One approach is http://social.msdn.microsoft.com/For...9-dd1de0a27b2d

    Another approach is to add a "NT-Authority\NETWORK SERVICE" as a database user.

    Lastly, read up on http://wcfsecurity.codeplex.com/wiki...le=Solution001

  8. #8
    Join Date
    Sep 2012
    Posts
    5

    Re: WCF Custom User Name Password Validator to read from Database

    Thanks Arjay. That worked perfectly well. I just can't believe it actually works now.
    Thank you again.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  





Click Here to Expand Forum to Full Width

Featured