3

I have an MVC Application on X domain and a WCF Service in Y domain, and I want to use the same membership provider for both of them.

The WCF Service is in Y domain because the data is in an intranet server, and the MVC Application is in X domain because I don't want to handle all the requests on our server that generates the data.

I want the user to log in to the MVC Application and, by doing so, also authenticate to the WCF Service.

I don't know which would be the best way to do so, if I can create cookies for both things when they authenticate in the MVC Application (which I'm not sure how to accomplish). I don't want my WCF Service to be available to anyone who's not authenticated.

So what I think I need is the AuthenticationService to validate the user and then pass the same username and password to my custom WCF Service to be able to interact with it.

The thing is that I validate my username with AuthenticationService and create a cookie (http://msdn.microsoft.com/en-us/library/bb515342.aspx), but then when I interact with my custom WCF Service (Data) I need to supply username and password again (http://msdn.microsoft.com/en-us/library/ff647294.aspx). I have no problem with the username, but I'm not sure how to manage the password, and I don't want to be asking for the password every time.

Is there something easier?

tereško
sergioadh

1 Answer

1

Check the link below. Your scenario is fully covered and explained. http://msdn.microsoft.com/en-us/library/bb386582.aspx

Hope that helps.

Sebastian Siek
  • I've read that article and have my WCF Service using SQL Membership Provider to authenticate the users, but I need to pass along username and password as seen here: http://msdn.microsoft.com/en-us/library/ff647294.aspx#Step11. Since it will be used by an MVC Application, I don't want to be providing them on every request I need to make. – sergioadh Apr 04 '12 at 19:29
  • 1
    Right, so you are not happy about passing username/password with every request? Imagine a RESTful web service (which can be easily done with WCF) - REST web services should be stateless, which means no cookie, session etc. That means you have to pass something - which will either be username and password, or tokens. – Sebastian Siek Apr 04 '12 at 19:43
  • So for any secure WCF I should provide some sort of credentials, being username and password or I can go with the tokens (Federated Security) right? So in my case that I don't want to provide username/password each time tokens would be the way. – sergioadh Apr 05 '12 at 15:39
  • Technically yes. An alternative here would be a certificate-based approach. Each user can be automatically authenticated based on a previously issued and installed certificate. However, I'm not sure if you want to go down this route. – Sebastian Siek Apr 05 '12 at 21:16
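
The token option raised in the comments above, as an added example that is not part of the original thread: the MVC application checks the password once against the membership provider, then sends a signed, expiring token that the WCF service verifies on each call. It uses a simplified HMAC-signed token rather than federated security, and the `SessionToken` class and the HMAC key shared by both sites are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical helper, not part of WCF or ASP.NET.
// Assumes both sites hold the same random key (32+ bytes) and talk over TLS.
public static class SessionToken
{
    // MVC side: call once, after the membership provider has validated the password.
    public static string Issue(byte[] key, string username, DateTime utcNow, TimeSpan lifetime)
    {
        long expires = ToUnix(utcNow.Add(lifetime));
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(expires + ":" + username));
        return payload + "." + Convert.ToBase64String(Sign(key, payload));
    }

    // WCF side: call on every request; false for forged, altered, malformed or expired tokens.
    public static bool TryValidate(byte[] key, string token, DateTime utcNow, out string username)
    {
        username = null;
        string[] parts = (token ?? "").Split('.');   // Base64 never contains '.'
        if (parts.Length != 2) return false;
        try
        {
            // Verify the MAC before trusting anything inside the payload.
            byte[] supplied = Convert.FromBase64String(parts[1]);
            if (!FixedTimeEquals(supplied, Sign(key, parts[0]))) return false;
            string text = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            string[] fields = text.Split(new[] { ':' }, 2);   // the username may contain ':'
            long expires;
            if (fields.Length != 2 || !long.TryParse(fields[0], out expires)) return false;
            if (ToUnix(utcNow) >= expires) return false;
            username = fields[1];
            return true;
        }
        catch (FormatException) { return false; }
    }
    static byte[] Sign(byte[] key, string payload)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    // Compare MACs without returning at the first differing byte.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    static long ToUnix(DateTime utc) { return (long)(utc - new DateTime(1970, 1, 1)).TotalSeconds; }
}
```

The password never leaves the login request, and a short lifetime bounds how long a captured token stays useful, since this scheme has no revocation list.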