Passing Authentication between MVC Application and WCF Service using Identity 2.0

Question

I have created a WCF Service that runs in IIS and is published in a website.

I also have a MVC application that uses indentity 2.0 to authenticate and authorize my users and this application is connected to a SQL Server database with user information. This applications consumes the WCF service.

What I want to know is if it is possible to use the user credentials from authenticated user in the MVC application to make calls to the WCF Service and, if yes, which is the best practice for doing this.

Answer 1

I've finally found an answer for this subject.

When calling the web services from your asp.net mvc app you can pass the cookie like this:

 var request = HttpContext.Current.Request;
 var cookie = request.Cookies.Get("IdentityCookie");
 var ticket = cookie.Value;

Pay attention that in this line var cookie = request.Cookies.Get("IdentityCookie") It will not work in your case because I renamed the cookie, if you didn't rename the cookie you replace "IdentityCookie" for ".AspNet.ApplicationCookie" otherwise just replace it for your cookie name.

(In my case I have a class that auto sends message headers in every request, the cookie goes in that header, you can make something similar)

Then you just need to make a message Inspector in WCF side so that every request pass to that inspector before calling the service. In that Inspector you can decrypt the cookie and check if the user is authenticated.

It resolved the problem for me, I hope this can help.