Information
The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.

How to: Customize User Login When Using the WCF Authentication Service

This topic shows how to validate customized credentials to authenticate users when you call the ASP.NET authentication service by using Windows Communication Foundation (WCF). Typically, authentication requires only a user name and password. However, in some cases you might have to verify a user's identity by using additional credentials, such as an identification number.

You use the WCF implementation of the authentication service when you want to log a user in from a client application that can send and consume a SOAP 1.1 message, such as a Java application.

To validate customized credentials for authentication

  1. In the Global.asax file of the Web application, create an event handler for the Authenticating event.

  2. In the handler, read the contents of the CustomCredential property of the handler's AuthenticatingEventArgs parameter, and then authenticate the values.

    The following example shows how to read two authentication values from the CustomCredential property and then pass them to a custom authentication class named StudentAuthentication.

    
    void AuthenticationService_Authenticating(object sender, System.Web.ApplicationServices.AuthenticatingEventArgs e)
    {
        string studentid = String.Empty;
        string answer = String.Empty;
    
        string[] credentials =
            e.CustomCredential.Split(new char[] { ',' });
        if (credentials.Length > 0)
        {
            studentid = credentials[0];
            if (credentials.Length > 1)
            {
                answer = credentials[1];
            }
        }
    
        try
        {
            e.Authenticated =
                StudentAuthentication.ValidateStudentCredentials
                (e.UserName, e.Password, studentid, answer);
        }
        catch (ArgumentNullException ex)
        {
            e.Authenticated = false;
        }
    
        e.AuthenticationIsComplete = true;
    }
    
    
    
  3. In the Application_Start method of the Global.asax file, bind the event handler for the Authenticating event.

    The following example shows how to bind a handler to the Authenticating event.

    
    void Application_Start(object sender, EventArgs e) 
    {
        System.Web.ApplicationServices.AuthenticationService.Authenticating += 
            new EventHandler<System.Web.ApplicationServices.AuthenticatingEventArgs>(AuthenticationService_Authenticating);
    
    }
    
    
    
  4. Call the authentication service from an application that can consume a SOAP message from a Web service, and pass the extra values to be authenticated in the CustomCredential property.

The previous code examples show a custom authentication class that throws the ArgumentNullException if any of the parameters are null. Your code must handle any exceptions that are raised during validation.

Always access the authentication service by using the Secure Sockets Layer (SSL), using HTTPS protocol.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

Show:
© 2014 Microsoft