Reputation: 567
MVC3 Application using Forms Authentication consuming WCF in other solutions
Here's our scenario:
We have an MVC3 Application 'MVC3ABC' in solution S1 that is secured using Forms Authentication (currently the user details are just in the web.config for early dev but they will be in an SQL Server database soon).
MVC Controller C1 calls through to a WCF service W1 which has the .svc file under a separate ASP.NET web project in solution S1. In this case, the WCF service does not need to know which particular user is logged in, just that it is an authenticated user accessing.
MVC View V1 is hosting a Silverlight4 App SLV1 which calls through to a WCF service W2 which has the .svc file under a separate AST.NET web project in a different solution S2. In this case, the WCF service does need to know which particular user is logged in as it will get data from different databases depending on which user is logged into the MVC site.
So essentially, what we require is that access to the two WCF services can be done from the MVC site by users already authenticated through the MVC application and in the case of the W2 service, we need to know which user it is. Any access to the WCF services outside the MVC site needs to also be authenticated or shouldn't work (no anonymous access to the WCF services is permitted).
Is there a standard approach to solving this problem? Does anyone know of any sample projects where I can see this kind of thing in action?
A few extra details - we are using Visual Studio 2012 RC, .NET 4.5 and IIS7.
Thanks
Upvotes: 1
Views: 990
Answers (1)
Reputation: 32758
I guess what you are trying to achieve is sharing the Forms Authentication across MVC application and the WCF services. You could do that :)
The idea is you have to share the cookie from the MVC application to the WCF services.
Following are the things you have to take care on doing this.
The MVC and WCF services should use the same forms and machineKey sections in the web.config. See here. Means WCF services should also use forms authentication and all the three of them should share the same machine key to have the cookie being shared.
Of course the WCF services should run in asp.net compatibility mode.
When making calls to WCF services you should manually add the forms authentication cookie to the outgoing message header. See here.
EDIT:
Based upon the OP's comment I'm updating my answer.
The above solution seems to be good when the WCF service has to be used only by the MVC and not by other clients. But if the WCF service also want to be consumed by different clients other than the MVC project then the client will face tough time because they have to construct the cookie and append to the request (i'm not sure whether this is possible!).
So little more elegant solution would be make the WCF services self-contained, means, integrate the authentication/authorization mechanism separately to it. One way is you can easily integrate the ASP.NET membership provider to the WCF services. By this way the authentication will happen separately at the WCF service side. The other advantages are third-party clients or other applications can easily consume the WCF service passing the credentials through the proxy.
So here is a link that says how to configure asp.net membership provider in WCF service,
Upvotes: 1
Related Questions
- Authentication and Authorization of an MVC client application throgh WCF service?
- ASP Forms Authentication with WCF?
- Forms Authentication for WCF
- WCF Service Authentication from MVC App sharing same Membership Provider
- ASP.NET authentication from a Windows Forms application
- Asp.net mvc4 authentication through WCF
- Custom ASP.NET Forms Authentication Service with WCF
- WCF Service using ASP.NET Forms Authentication
- MVC2 Apps (and others) sharing WCF services and authentication
- WCF Forms Based Authentication Via Web App - Passing Credentials