I'm about to start a project with WPF which uses a web service to get info etc.
A username and password is required to authenticate you and get data which belongs to you.
I would like my WPF application to store the username and password. But I don't want to store it. So I was thinking. It would be cool if after I login for the first time it would generate a certificate at the WCF end and give it to the WPF application which can be used for each and every call.
Is what I'm thinking possible? Another problem I would like to tackle is how do I avoid someone copying and pasting the certificate?
Update
Based on @zamd suggestion. This is what I would like to solve.
- Webservice uses WCF Web Api
- Site has forms authentication
- Site signs in with Username and Password which is validated by a Token Service
- Webservice can authenticate the users token provided by the Token Service
I found this very useful blog article http://weblogs.asp.net/cibrax/archive/2011/02/04/authenticating-clients-in-the-new-wcf-http-stack.aspx but I would like to use Forms Authentication to get the SAML Token