OData and Authentication – Part 1


Here on the Data Services team we hear many people ask about authentication. Questions like:

  • How do you ‘tunnel’ authentication over the OData protocol?
  • What hooks should I use in the WCF Data Services client and server libraries?

The answer to these questions depends a lot on the scenario. In fact, each authentication scenario presents unique challenges:

  • How does an OData Consumer log on to an OData Producer?
  • How does a WCF Data Service impersonate the OData Consumer so database queries run under the context of the consumer?
  • How do you integrate an OData Consumer with an OAuth-aware OData Producer?
  • How do you federate a corporate domain with an OData Producer hosted in the cloud, so apps running under a corporate account can access the OData Producer seamlessly?

As you can see, there are lots of questions.

And there is a real risk that people will get their answer wrong.

How we plan to help

So over the next month or so we – the Data Services team – are going to write a series of blog posts detailing our findings as we investigate common OData Authentication scenarios.

It’s hard to know exactly where this series will take us, because that will probably evolve as we explore the space. We’ll learn as we go – and hopefully you will too – as we document the key distinctions and lessons that we learn along the way.

And then finally when we are done we will publish a whitepaper (or three) summarizing our findings and recommendations.

So stay tuned…

Oh and please let us know if you have any Auth scenarios you want us to explore.

Alex James
Program Manager
Data Services Team
Microsoft.

Comments (6)

  1. Hi Alex,

    Great to see you’re putting this series together, auth is always one of the most difficult things to get right (and *know* that you’re doing it right).

    One scenario that I’d like you to cover is auth using a 3rd party directory service. More specifically I’m thinking Facebook Connect. WLID (or the upcoming Messenger Connect) auth would also be handy.

    Thanks

    Jamie

  2. Dave Cattermole says:

    This is our scenario: an existing ASP.NET application where authentication is handled using FormsAuthentication (i.e. cookie-based). The requirement now is to include RIAs (e.g. Silverlight with OData calls) which can run under the existing web-forms single sign-on.

  3. PBernhardt says:

    Thanks for the fine series of blog posts on authentication. Have you completed the whitepaper yet? Also, where are WCF Data Services with respect to OAuth 2.0 and HATEOAS?

  4. Riaz says:

    Handle authorization from Dallas Service on Windows Phone 7

  5. AustinA says:

    Do we have an update on this? Am I missing the link?

  6. Vinoth says:

    I'm also looking for an update on this topic… any idea when it will get published?