WCF and SimpleMembershipProvider. How to manage users?

Question

I have ASP.NET MVC 4 application with user authentication based on SimpleMemebershipProvider. Using Ms SQL database. Everything works fine. I can register new users, log in, log-out etc.

The problem is that I want to create Windows forms application which can connect to the server and after passing credentials it can validate if user exists in database (registered through MVC) and if so, do some stuff, for example change username or password. My idea is to use WCF service library. I know the basic idea of WCF or at least i hope so :) I know that there is possibility to authenticate users.

I was searching the web but i didn't found how to do this with simplememebership provider. I've also tried to write WCF Service library on my own and I've created something like this below but it doesn't work. When I'm testing and put wrong credentials it returns string "bad credentials" which is good. However when i type in valid credentials it shows me an error "NullReference exception" on line:

if (WebSecurity.Login(UserName, password, persistCookie: false)).

I don't think it's secure either :/

Can somebody explain me how to this or what I'm doing wrong ?? Or maybe there is better solution than WCF ?

Sevice1.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.Text;
using WebMatrix.WebData;
using System.Web.Mvc;


namespace AR_WCF_Library
{
    // NOTE: You can use the "Rename" command on the "Refactor" menu to change the class name "Service1" in both code and config file together.
    public class Service1 : IService1
    {
        public string GetData(string UserName, string password)
        {

            WebSecurity.InitializeDatabaseConnection("MyDB", "UserProfile", "UserId", "UserName", autoCreateTables: false);

            if (WebSecurity.Login(UserName, password, persistCookie: false))
            {
                return string.Format("Hello: {0}", UserName);
            }
            else
            {
                return "bad credentials";
            }
        }

    }
}

App.config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <connectionStrings>

    <add name="MyDB" connectionString="Data Source=SERWER\MORPHEUS;Initial Catalog=AOR;Integrated Security=True;Connect Timeout=15;Encrypt=False;TrustServerCertificate=False" providerName="System.Data.SqlClient" />

  </connectionStrings>
  <system.web>
    <compilation debug="true" />

    <roleManager enabled="true" defaultProvider="SimpleRoleProvider">
      <providers>
        <clear/>
        <add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
      </providers>
    </roleManager>

    <membership defaultProvider="SimpleMembershipProvider">
      <providers>
        <clear/>
        <add name="SimpleMembershipProvider"
             type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"
             enablePasswordReset="true" />
      </providers>
    </membership>

  </system.web>
  <!-- When deploying the service library project, the content of the config file must be added to the host's 
  app.config file. System.Configuration does not support config files for libraries. -->
  <system.serviceModel>
    <services>
      <service name="AR_WCF_Library.Service1">
        <host>
          <baseAddresses>
            <add baseAddress = "http://localhost:8733/Design_Time_Addresses/AR_WCF_Library/Service1/" />
          </baseAddresses>
        </host>
        <!-- Service Endpoints -->
        <!-- Unless fully qualified, address is relative to base address supplied above -->
        <endpoint address="" binding="wsHttpBinding" contract="AR_WCF_Library.IService1">
          <!-- 
              Upon deployment, the following identity element should be removed or replaced to reflect the 
              identity under which the deployed service runs.  If removed, WCF will infer an appropriate identity 
              automatically.
          -->
          <identity>
            <dns value="localhost"/>
          </identity>
        </endpoint>
        <!-- Metadata Endpoints -->
        <!-- The Metadata Exchange endpoint is used by the service to describe itself to clients. --> 
        <!-- This endpoint does not use a secure binding and should be secured or removed before deployment -->
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, 
          set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="True" httpsGetEnabled="True"/>
          <!-- To receive exception details in faults for debugging purposes, 
          set the value below to true.  Set to false before deployment 
          to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

</configuration>

Answer 1

Add the following to the Web.config of whatever hosts your WCF service:

<system.serviceModel>
   <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>