What authentication to pick for the cross-platform WCF service?

What type of authentication would you suggest for the service that is:

  • implemented as WCF and exposed via varios enpoints (including XML-RPC)
  • has to be consumed easily by various cross-platform clients

Why?

Options that I'm aware of are:

  • Forms-based authentication for IIS-hosted WCF (easy to implement, but has horrible cross-platform support, plus it is not REST)
  • Sending plain-text username/pwd with every call (easy to use on any platform, but totally unsecure)
  • Using ticket-based authentication, when username&pwd are used to create a ticket that is valid for some time and is passed with every request (can be consumed by any client easily, but the API model is bound to this type of security)

Thanks for your time!

Answers


Since you mention REST, i assume over HTTP, you could look at HTTP Digest Authentication.

However, keep in mind that XML-RPC is not RESTful. If you are going the way of WS/RPC, you might want to look at WS-Security.


In the end I've picked the simplest approach: Web services are implemented as simple stateless SOAP services, where username and password get passed with every request.

Product page


Need Your Help

create JSON array in Objective C

ios json nsarray nsurlconnection arrays

I need help with creating a JSON array using Objective C. I have never done this before but what I would like to do is create the JSON array then make a JSON pair that I use to send back in my

Does Objective-C compile to native code or byte-code?

objective-c linux cocoa macos

On OS X, does Objective-C compile to native code or byte-code?