Darrell Hawley: Home Page

Wednesday, October 04, 2006

WSE: Custom TokenManager

Before I begin, I just need to say that this is my most interesting blog post ever. Not because what I am preparing to say is revolutionary, but because I'm blogging while I'm waiting for the Barenaked Ladies to start playing at the Borders in downtown Ann Arbor. Nice!

We have a client, we have a service, now we need to be able to secure the lines of communication. So let's build a Token Manager that will use the previously described database. I'm not going to go over creating the new methods. If you're reading this, I'm assuming that this is old hat. What I did do was to create a method that returns a strongly-typed datatable with all of the account information given a username and password. Check out the code below:




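    using System;
    using System.Xml;
    // WSE 3.0 namespace; WSE 2.0 uses Microsoft.Web.Services2.Security.Tokens
    using Microsoft.Web.Services3.Security.Tokens;

    namespace WebService
    {
        public class TokenManager : UsernameTokenManager
        {
            public TokenManager()
            {
            }

            // WSE passes the child nodes of the configuration element here.
            public TokenManager(XmlNodeList nodes)
                : base(nodes)
            {
            }

            // Called by WSE for each incoming UsernameToken.
            protected override string AuthenticateToken(UsernameToken token)
            {
                DataAccess.WebDataSetTableAdapters.AccountTableAdapter ta =
                    new DataAccess.WebDataSetTableAdapters.AccountTableAdapter();

                // Look up the account by the username and password in the token.
                DataAccess.WebDataSet.AccountDataTable dt =
                    ta.GetDataByUsernamePassword(token.Username, token.Password);

                if (dt.Rows.Count == 1)
                {
                    // WSE compares the returned string with the token's password.
                    return token.Password;
                }
                else
                {
                    throw new Exception("SHAME ON YOU, INVALID USER!!!");
                }
            }
        }
    }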

Is there anything in this code that sends up red flags? To me there is. If the password being sent in the token does not match the string being returned (i.e., a password), authentication fails. Nonetheless, I will give this idea some thought before making up my mind. These patterns are well thought out, after all, and I can't possibly be the first person to consider this. Next post, getting things to work together.
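An added example, not the author's code and not part of WSE: the same override written for an account store that keeps salted PBKDF2 hashes instead of passwords, which is the case where returning `token.Password` after your own check is the only string you can hand back to WSE. It assumes WSE 3.0; `HashedTokenManager`, `Enroll`, `Derive`, `Matches`, the in-memory `Accounts` table, the iteration count and the sample account are all constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Microsoft.Web.Services3.Security.Tokens; // assumption: WSE 3.0

public class HashedTokenManager : UsernameTokenManager
{
    const int Iterations = 100000; // assumed work factor
    // Constructed sample store: username -> { salt, PBKDF2 hash }.
    static readonly Dictionary<string, byte[][]> Accounts = BuildSample();

    static Dictionary<string, byte[][]> BuildSample()
    {
        Dictionary<string, byte[][]> d = new Dictionary<string, byte[][]>();
        d["alice"] = Enroll("constructed-sample-password");
        return d;
    }

    static byte[][] Enroll(string password)
    {
        byte[] salt = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(salt);
        return new byte[][] { salt, Derive(password, salt) };
    }

    static byte[] Derive(string password, byte[] salt)
    {
        // This constructor uses HMAC-SHA1 as the PBKDF2 PRF.
        return new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(20);
    }

    protected override string AuthenticateToken(UsernameToken token)
    {
        byte[][] rec;
        // Verifying against a hash needs the clear-text password from the token.
        bool ok = token.PasswordOption == PasswordOption.SendPlainText
                  && Accounts.TryGetValue(token.Username, out rec)
                  && Matches(Derive(token.Password, rec[0]), rec[1]);
        if (!ok) throw new UnauthorizedAccessException("Authentication failed.");
        // WSE compares the returned string with the password in the token.
        return token.Password;
    }

    static bool Matches(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length; // no early exit on the first mismatch
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Unknown users, wrong passwords and non-plain-text tokens all fail with the same message, so the response does not tell a caller which check rejected the token.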
