Reputation: 29710
I am invoking a WCF web service (.NET 4.0) via jQuery $.ajax() from an ASP.NET page. How can I secure the WCF service such that only authenticated ASP.NET users can invoke the service's methods? Do I need to imperatively check the forms authentication cookie manually in each service method, or is there a more declarative approach?
Upvotes: 4
Views: 2119
Reputation: 29710
SOLUTION: Move the .svc files under a "Services" directory (or any directory that will hold the services to be secured) and secure that directory with its own web.config. Configure the location to deny anonymous users:
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>
Upvotes: 3
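An added configuration example, not part of the original answer: ASP.NET URL authorization is applied to .svc requests only when WCF is hosted in ASP.NET compatibility mode, so this root web.config shows that setting next to the deny rule. The `Services` path follows the answer above; the `~/Login.aspx` login page is an assumed name.

```xml
<?xml version="1.0"?>
<!-- Root web.config of the ASP.NET application (added example, names are assumptions). -->
<configuration>
  <system.web>
    <!-- Forms authentication issues the cookie the browser sends with each $.ajax() call. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" /> <!-- assumed login page -->
    </authentication>
  </system.web>

  <system.serviceModel>
    <!-- Route WCF requests through the full ASP.NET pipeline so that
         UrlAuthorizationModule evaluates <authorization> rules for .svc files.
         On .NET 4.0 each service class must also be marked with
         [AspNetCompatibilityRequirements(RequirementsMode =
             AspNetCompatibilityRequirementsMode.Allowed)] (or Required),
         otherwise the service fails to activate once this is enabled. -->
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
  </system.serviceModel>

  <!-- Same rule as a separate Services/web.config, expressed from the root file. -->
  <location path="Services">
    <system.web>
      <authorization>
        <deny users="?" /> <!-- "?" matches anonymous (unauthenticated) users -->
      </authorization>
    </system.web>
  </location>
</configuration>
```

To verify, request a service method without the authentication cookie; the response should be the forms-authentication redirect to the login page rather than the service's output.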