Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

WCF session management

Posted on 2012-04-04
2
Medium Priority
?
376 Views
Last Modified: 2012-09-24
OK so,

I have a multi-tenanted SQL database with a "domid" column in each table which defines which tenant that row is for. It works pretty well as the software just appends the current users id to each database request. I have been asked to write/implement a WCF service to interface with the database so that they can start writing other applications to leverage off the information contained within the database.

I'm new to WCF services but have managed to throw together a quick service which does username password and domain authentication. My question is this:

Company 1 logs in to the software and their username and password (hashed... not plain text) is sent via WCF and a bool is returned. From here, how do/should I ensure that this login is associated with each of the users subsequent requests. i.e. user logs in, and then requests a list of all their customers with current outstanding balance. I can't use their domid anymore because what's stopping a smart user changing it in the request? Is their some kind of session handling that i can use? if their is, is this functionality usable by non .net frameworks (like java script or iOS for example).

to date all access has been via a remote desktop connection to a server, which then has the software installed on it and make direct sql requests. What I want to do it to replace this with a WCF interface which handles all the authentication and data retrieval but don't understand/know now to get some form of state-full session handling in place. I've been trying to look for information somewhere but as you might be able to tell from the wording of my question, I don't really know what terminology to use to try and find what i'm looking for.

Or, am I going about this all wrong. Should I look at changing the way the whole thing works, change the Database to something different like different schema's for each tenant instead. My understanding is that it would remove some of the security issues but still doesn't fix my session issue.

Any points or resources anybody can point me to would be most helpful. Also, if anybody has done this before I'd love to hear how you did it.
0
Comment
Question by:neutral_penguin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 25

Accepted Solution

by:
apeter earned 1500 total points
ID: 37816957
The word session is different in ASP.Net and WCF.  this link will tell you what is session in WCF is, http://msdn.microsoft.com/en-us/library/ms733040.aspx.

Below link should help you in your scenario.

http://weblogs.asp.net/cibrax/archive/2008/01/22/authenticating-users-with-supporting-tokens-in-wcf.aspx
http://msdn.microsoft.com/en-us/library/bb386582.aspx
0
 
LVL 1

Expert Comment

by:vipin_soft
ID: 37969983
You can also use Structure map for session.Please check this follwing link:-

http://lostechies.com/jimmybogard/2008/07/30/integrating-structuremap-with-wcf/
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question