http://disqus.com/by/karl_mcguinness/enSun, 07 Sep 2008 11:13:54 -0000http://www.thefreakparade.com/2008/09/flowing-identity-from-a-client-to-a-service-when-using-restful-wcf-part-2-a-solution/#comment-2212475<p>Good to see other folks doing the same thing. We just finished prototyping a similar approach. Instead of using custom headers, have you thought about using WS-Security Token Profiles over HTTP headers so that you can leverage the existing profiles and library support? (see <a href="http://www.xml.com/pub/a/2003/12/17/dive.html)" rel="nofollow noopener" target="_blank" title="http://www.xml.com/pub/a/2003/12/17/dive.html)">http://www.xml.com/pub/a/20...</a> . WS-Security has a standard profile for SAML tokens so you can also use this approach to normalize your SOAP and REST strategies in WCF.</p><p></p>karl_mcguinnessSun, 07 Sep 2008 11:13:54 -0000