2

I have enabled the ASP.Net authentication service, as recommended by msdn. I am then attempting to use the service via a console app or winforms app (by adding a service reference to my local WCF service). I am doing custom authentication and transport security (so I am handling the AuthenticationService.Authenticating event in my Global.asax which works fine).

The authentication itself works fine, but the proxy created by adding the Service Reference does not include the CookieContainer property. This is obviously a problem when I try to pass the cookie token to subsequent services which require authentication.

Also, in the following client code, the IsLoggedIn() returns false, I'm guessing this is related to no cookie container being present.

ServiceReference1.AuthenticationServiceClient client = 
                  new ServiceReference1.AuthenticationServiceClient();
bool isLoggedIn = client.Login("test", "test", "", true); //returns TRUE
bool check = client.IsLoggedIn(); //returns FALSE

Here is my web.config on the service:

<configuration>
    <system.web>
        <compilation debug="true" targetFramework="4.0" />
    </system.web>
  <system.web.extensions>
    <scripting>
      <webServices>
        <authenticationService enabled="true"
           requireSSL = "false"/>
      </webServices>
    </scripting>
  </system.web.extensions>
  <system.serviceModel>
    <services>
      <service name="System.Web.ApplicationServices.AuthenticationService"
          behaviorConfiguration="AuthenticationServiceTypeBehaviors">
        <endpoint contract="System.Web.ApplicationServices.AuthenticationService"
          binding="basicHttpBinding"
          bindingConfiguration="userHttps"
          bindingNamespace="http://asp.net/ApplicationServices/v200"/>
      </service>
    </services>
    <bindings>
      <basicHttpBinding>
        <binding name="userHttps" allowCookies="true">
          <!--<security mode="Transport" />-->
        </binding>
      </basicHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="AuthenticationServiceTypeBehaviors">
          <serviceMetadata httpGetEnabled="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
  </system.serviceModel>
</configuration>

EDIT: Something else I should add, I did a Fiddler session of the service calling the Login method, and the cookie is being set and sent back to the client. But what am I supposed to do with no CookieContainer?

EkoostikMartin
  • 6,831
  • 2
  • 33
  • 62

4 Answers4

2

When this option is enabled the client will make sure all cookies received from a given web service are stored and properly sent on each subsequent request in a transparent fashion. But there is a catch: the cookie is only handled in the conversation with one web service. What if you need to send the same cookies to different web services?

If you need to send the same cookies to multiple services, read this article: http://megakemp.wordpress.com/2009/02/06/managing-shared-cookies-in-wcf/

Ray Henry
  • 905
  • 6
  • 12
0

You need to configure the binding to allow cookies.

<system.ServiceModel>
     <bindings>
            <basicHttpBinding allowCookies="true">
     </bindings>
Ray Henry
  • 905
  • 6
  • 12
  • Cookies will only be passed to the service that created them. Are you trying to send it to a different service? – Ray Henry Jul 09 '12 at 21:40
  • No, there is no different service, I'm just trying to get the cookies into a `CookieContainer` – EkoostikMartin Jul 09 '12 at 21:48
  • Yes, it does allow `client.IsLoggedIn()` to return true, but doesn't give me access to the cookie itself to persist it. – EkoostikMartin Jul 10 '12 at 13:53
  • @EkoostikMartin I am also stuck at the same point.. did you manage to find a solution? I am calling authenticationServiceWCF from a WP7 code behind and trying to get the cookie, but in vain. – Rohith Nair Jul 30 '12 at 19:56
  • @EkoostikMartin I did see that, but I am calling aync methods on AuthenticationService WCF. If I use it like this, how can I get the response object? Other doubt is ; in example it is shown as setting some value to cookie and I dont have control of the authentication process as I am using ASP.net authentication.[[Using WP7 and trying for ASP.NET authentication using AuthenticationService WCF Service]] – Rohith Nair Jul 30 '12 at 21:29
0

Apparently, when adding a Service Reference (.Net 3.5+) to a WCF service on a client, the proxy class derives from System.ServiceModel.ClientBase. This class does not have a CookieContainer property (because the ClientBase supports non-HTTP protocols that have no concept of cookies).

http://netpl.blogspot.com/2011/11/managing-cookies-in-wcf-client.html

I could add a Web Reference instead, which would use the .Net 2.0 proxy class (and has CookieContainer property exposed) http://msdn.microsoft.com/en-us/library/bb628649.aspx. But I will most likely revisit my approach entirely and use custom headers and service behaviors to accomplish my goal.

EkoostikMartin
  • 6,831
  • 2
  • 33
  • 62
0

Another option is to access the cookie container for the underlying channel like this:

var cookieManager = client.InnerChannel.GetProperty<IHttpCookieContainerManager>();
cookieManager.CookieContainer.Add(new Cookie(....));

For the above manager to be present, you need to set AllowCookies to true, e.g.:

<system.ServiceModel>
    <bindings>
        <basicHttpBinding allowCookies="true">
    </bindings>
Atanas Atanasov
  • 1
  • 1