I am working on a WCF Service that returns the Status for a Device.
A Device has multiple Status for different Companies. I need to develop a WCF Service that allows a Company to retrieve the Status for their Company (and only theirs).
What is the best way to differentiate between these companies in WCF?
As far as I can see, I have 3 options here:
- use the calling username
- An Identifier needs to be passed to the Web service
- Different Web service for all Companies
What would be the preferred way to go, or are there any other options?
//edit: I found another option: Identify the caller by certificate.
3
You may want to look into token based authentication.
The process would be something like this.
- User sends credentials to an authentication endpoint. If successful, a token is returned.
- When user wishes to check the status of the device, they pass the token in the header.
- The receiving service verifies that the token is valid.
- Using the token it retrieves information about the customer, retrieves the relevant data and returns it to the client.
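The four steps above, as an added C# sketch that is not part of the original answer: the token here is an HMAC-signed `companyId|expiry` pair, which is one possible token format chosen for illustration, and `CompanyToken`, `DeviceStatusService`, the key and the sample data are all hypothetical. The company is taken only from the verified token, so a caller cannot request another company's status by changing a parameter.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
public static class CompanyToken
{
    // Constructed demo key; use a random 32-byte secret from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");
    static byte[] Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key)) return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    // Step 1: issued by the authentication endpoint after the credentials were verified.
    public static string Issue(string companyId, DateTimeOffset expires)
    {
        string payload = companyId + "|" + expires.ToUnixTimeSeconds();
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(payload)) + "." + Convert.ToBase64String(Sign(payload));
    }
    // Step 3: returns the company id if signature and expiry are valid, otherwise null.
    public static string Validate(string token, DateTimeOffset now)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return null;
        try
        {
            string payload = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            byte[] given = Convert.FromBase64String(parts[1]), expected = Sign(payload);
            int diff = given.Length ^ expected.Length; // constant-time comparison
            for (int i = 0; i < given.Length && i < expected.Length; i++) diff |= given[i] ^ expected[i];
            string[] fields = payload.Split('|');
            if (diff != 0 || fields.Length != 2 || !long.TryParse(fields[1], out long exp)) return null;
            return now.ToUnixTimeSeconds() < exp ? fields[0] : null;
        }
        catch (FormatException) { return null; }
    }
}

public class DeviceStatusService
{
    // Constructed sample data keyed by "company|device".
    static readonly Dictionary<string, string> Statuses = new Dictionary<string, string>
        { { "acme|device-1", "Online" }, { "globex|device-1", "Maintenance" } };
    // Steps 2 and 4: the token arrives in a request header; the company comes from it, never from a parameter.
    public string GetStatus(string tokenFromHeader, string deviceId)
    {
        string company = CompanyToken.Validate(tokenFromHeader, DateTimeOffset.UtcNow);
        if (company == null) throw new UnauthorizedAccessException("Invalid or expired token");
        return Statuses.TryGetValue(company + "|" + deviceId, out string status) ? status : null;
    }
}
```

With a token issued for `acme`, `GetStatus(token, "device-1")` returns `Online`; the `globex` entry for the same device is unreachable with that token, and a tampered or expired token is rejected before any lookup.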