service - WCF - Can i securely use the CallbackChannel to identify authenticated clients? -


i'm using nettcpbinding wpf client. want know if callbackchanel (operationcontext.current.getcallbackchannel) can spoofed 1 else ... meen, can sure, if store callback object in list, call can't use 1 else ...

exemple :

        private class clientcallback     {         public iduplexservicecallback callback { get; set; }         public long userid { get; set; }         public bool isauthenticate { get; set; }         public datetime lastping { get; set; }         public datetime lastpong { get; set; }         public bool fault { get; set; }         public long ping { get; set; }     }     static list<clientcallback> clients;       public void login(string username, string password)     {         var auth = new autentificationservice();         var user = auth.login(username, password, true, null);         if (user != null)         {             clients.add(new clientcallback()             {                 callback = operationcontext.current.getcallbackchannel<iduplexservicecallback>();,                 fault = false,                 isautenticate = true,                 lastping = datetime.now,                 lastpong = datetime.now,                 ping = 0,                 userid = user.id             });         }     }      public void action() {         var client = clients.firstordefault(o => o.callback == operationcontext.current.getcallbackchannel<iduplexservicecallback>(););         if (client != null && client.isautenticate)         {          //this client authenticated          }     } 

is possible 1 use callback of else?

tanks

this vague question, think understand trying at. first, operationcontext.current.getcallbackchannel give caller of service, whichever client may be. client (at least on windows) not able use same tcp channel since in use.

now if talking authentication, or how make sure client called service legitimate, different topic together.


Comments

Popular posts from this blog

linux - Does gcc have any options to add version info in ELF binary file? -

javascript - Clean way to programmatically use CSS transitions from JS? -

android - send complex objects as post php java -