Eaglesoft 21.30 Authentication

I thought I would take a look at Eaglesoft 21.30 authentication... this is pretty good. 

The WCF Server and Client have added message headers to the messages. The Client adds the CustomerID, UserID, and UserPassword, and DatabaseInfo (based on the connection string) to the message header and the server then validates this before replying to GetServerDatabaseUserInfo method. The info is called a Tenant.

Before: 21.00

StartService(typeof(SetupService), typeof(ISetupService), "SetupService");

After: 21.30

StartService(typeof(SetupService), typeof(ISetupService), "SetupService", false, true, true, ServiceDependency.SetupService);

StartService is like this:

private void StartService(Type instance, Type contract, string serviceName, bool useStreaming = false, bool requiresMessageHeader = true, bool useSilentInstallInspector = false, ServiceDependency serviceDependency = ServiceDependency.Invalid)

requiresMessageHeader = true helps a lot!

Great Work!

https://stackoverflow.com/questions/1426179/how-to-restrict-access-to-a-wcf-service-with-a-shared-key

Well, I guess I won't be writing a multi-threaded customer id guesser for fun anymore. Mission Accomplished.