How to: Customize User Login When Using the WCF Authentication Service

This topic shows how to validate customized credentials to authenticate users when you call the ASP.NET authentication service by using Windows Communication Foundation (WCF). Typically, authentication requires only a user name and password. However, in some cases you might have to verify a user's identity by using additional credentials, such as an identification number.

You use the WCF implementation of the authentication service when you want to log a user in from a client application that can send and consume a SOAP 1.1 message, such as a Java application.

To validate customized credentials for authentication

  1. In the Global.asax file of the Web application, create an event handler for the Authenticating event.

  2. In the handler, read the contents of the CustomCredential property of the handler's AuthenticatingEventArgs parameter, and then authenticate the values.

    The following example shows how to read two authentication values from the CustomCredential property and then pass them to a custom authentication class named StudentAuthentication.

    Sub AuthenticationService_Authenticating _
       (ByVal sender As Object, _
        ByVal e As System.Web.ApplicationServices.AuthenticatingEventArgs)
        Dim studentid As String = String.Empty
        Dim answer As String = String.Empty
        Dim credentials As String() = _
             e.CustomCredential.Split(New Char() {","c})
        If (credentials.Length > 0) Then
            studentid = credentials(0)
            If (credentials.Length > 1) Then
                answer = credentials(1)
            End If
        End If
            e.Authenticated = _
                StudentAuthentication.ValidateStudentCredentials _
                (e.Username, e.Password, studentid, answer)
        Catch ex As ArgumentNullException
            e.Authenticated = False
        End Try
        e.AuthenticationIsComplete = True
    End Sub
  3. In the Application_Start method of the Global.asax file, bind the event handler for the Authenticating event.

    The following example shows how to bind a handler to the Authenticating event.

    Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
        AddHandler System.Web.ApplicationServices.AuthenticationService.Authenticating, _
          AddressOf Me.AuthenticationService_Authenticating
    End Sub
  4. Call the authentication service from an application that can consume a SOAP message from a Web service, and pass the extra values to be authenticated in the CustomCredential property.

The previous code examples show a custom authentication class that throws the ArgumentNullException if any of the parameters are null. Your code must handle any exceptions that are raised during validation.

Always access the authentication service by using the Secure Sockets Layer (SSL), using HTTPS protocol.

Community Additions