I am working on a WCF Service that returns the Status for a Device.
A Device has multiple Status for different Companies. I need to develop a WCF Service that allows a Company to retrieve the Status for their Company (and only theirs).
What is the best way to differentiate between these companies in WCF?
As far as I can see, I have 3 options here:
- use the calling username
- An Identifier needs to be passed to the Web service
- Different Web service for all Companies
What would be the preferred way to go, or are there any other options?
//edit: I found another option: Identify the caller by certificate.
You may want to look into token based authentication.
The process would be something like this.
- User sends credentials to an authentication endpoint. If successful, a token is returned.
- When user wishes to check the status of the device, they pass the token in the header.
- The receiving service verifies that the token is valid.
- Using the token it retrieves information about the customer, retrieves the relevant data and returns it to the client.
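
The token flow described in the answer above, as an added example that is not part of the original answer. It assumes an HMAC-signed token carrying the company id and an expiry time; the class and method names, the token layout, and the sample data are all hypothetical. The company is taken from the verified token, never from a caller-supplied identifier.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class DeviceStatusTokens   // hypothetical names throughout
{
    // Constructed sample data keyed by (company, device).
    static readonly Dictionary<Tuple<string, string>, string> Statuses = new Dictionary<Tuple<string, string>, string>
        { { Tuple.Create("acme", "device-1"), "Online" }, { Tuple.Create("globex", "device-1"), "Maintenance" } };

    // Authentication endpoint, called after the credentials have been checked.
    // Token = base64(companyId|expiryUnixSeconds) + "." + base64(HMAC-SHA256(payload)).
    public static string Issue(string companyId, byte[] key, DateTimeOffset expires)
    {
        if (companyId.Contains("|")) throw new ArgumentException("companyId must not contain '|'");
        byte[] payload = Encoding.UTF8.GetBytes(companyId + "|" + expires.ToUnixTimeSeconds());
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(hmac.ComputeHash(payload));
    }

    // Returns the company id only if the MAC verifies and the token has not expired; otherwise null.
    public static string Validate(string token, byte[] key, DateTimeOffset now)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return null;
        byte[] payload, mac, expected;
        try { payload = Convert.FromBase64String(parts[0]); mac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return null; }
        using (var hmac = new HMACSHA256(key)) expected = hmac.ComputeHash(payload);
        if (mac.Length != expected.Length) return null;
        int diff = 0;                                   // compare every byte, no early exit
        for (int i = 0; i < expected.Length; i++) diff |= mac[i] ^ expected[i];
        if (diff != 0) return null;                     // forged or corrupted token
        string[] fields = Encoding.UTF8.GetString(payload).Split('|');
        long exp;
        if (fields.Length != 2 || !long.TryParse(fields[1], out exp)) return null;
        return now.ToUnixTimeSeconds() < exp ? fields[0] : null;   // expired tokens are rejected
    }

    // Service operation: the token (for example, read from a message header) selects the company.
    public static string GetStatus(string token, string deviceId, byte[] key)
    {
        string company = Validate(token, key, DateTimeOffset.UtcNow);
        if (company == null) throw new UnauthorizedAccessException("Invalid or expired token.");
        string status;
        return Statuses.TryGetValue(Tuple.Create(company, deviceId), out status) ? status : null;
    }
}
```

With a token issued for "acme", `GetStatus(token, "device-1", key)` returns "Online"; the "globex" status for the same device is unreachable unless a token is issued for "globex".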