Pass User info to WCF Web service with WCF method vs with Soap header

Question

My WCF Webservice provide all data manipulation operations and my ASP .Net Web application present the user interface.

I need to pass user information with many wcf methods from ASP .Net app to WCF app.

Which one in is better approach regarding passing user info from web app to web service?

1) Pass user information with SOAP header?

ASP .Net Application has to maintain the number of instances of WCF Webservice client as the number of user logged in with the web application. Suppose 4000 user are concurrently active, Web app has to maintain the 4000 instances of WCF webserice client. Is it has any performance issue?

2) Pass user information with each method call as an additional parameter?

Every method has to add this addtional paramter to pas the user info which does not seems a elegant solution.

Please suggest.

regards, Dharmendra

Answer 1

I believe it's better to pass some kind of user ID in a header of every message you send to your WCF service. It's pretty easy to do, and it's a good way to get info about user + authorize users on service-side if needed. And you don't need 4000 instances of webservice client for this.

You just need to create Behavior with Client Message Inspector on client side(and register it in your config). For example:

public class AuthClientMessageInspector: IClientMessageInspector
{

    public void AfterReceiveReply(ref Message reply, object correlationState)
    {            
    }

    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    {            
        request.Headers.Add(MessageHeader.CreateHeader("User", "app", "John"));
        return null;
    }
}

public class ClientBehavior : IEndpointBehavior
{

    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
    {            
    }

    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
    {
        foreach (var operation in endpoint.Contract.Operations)
        {
            operation.Behaviors.Find<DataContractSerializerOperationBehavior>().MaxItemsInObjectGraph = Int32.MaxValue;
        } 

        var inspector = new AuthClientMessageInspector();
        clientRuntime.MessageInspectors.Add(inspector);
    }

    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
    {            
    }

    public void Validate(ServiceEndpoint endpoint)
    {            
    }
}

And extract it from your service-side:

var headers = OperationContext.Current.IncomingMessageHeaders;
var identity = headers.GetHeader<string>("User", "app");