
I am beginning a project that will have three layers to it: a web front-end, a mobile front-end and WCF back-end. Authentication needs to be done via Active Directory, but both web front-ends will be using forms authentication to grant/reject access to certain areas, and all user control will be handled via groups inside AD. This specifically applies in the WCF side where I would like to be able to utilize the built-in Permission.Demand() functionality.

I have two questions with this. First, does anyone know of any best practice examples for doing this? Specifically in regards to passing the credentials (without the password) to the WCF service so it knows the context under which it is being accessed. Secondly, the future includes creating an Android app (and probably iPhone/Windows Phone versions as well) so I need to make sure the method used will work cross-platform with those.

Scott Salyer

1 Answer


Set the PrincipalPermissionMode to Custom, write a custom Authorization Policy (http://msdn.microsoft.com/en-us/library/ms729794.aspx), and in the implementation of the Evaluate method do the following:

     evaluationContext.Properties["Principal"]=HttpContext.Current.User;

http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/8f424d4f-2f47-4f85-a6b0-00f7e58871f1/

Joe
  • I'm not entirely certain I understand what's being suggested here and reading through those links just leaves me more confused unfortunately. How does HttpContext.Current.User get set on the WCF side? The services will be hosted separately from each site in IIS so they won't share config entries. I could do something related to checking the FormsTicket (based on the "domain" attribute - similar to sharing auth between two sites and using the same encryption keys), but I'm not certain how that would work for the Android side since it (presumably) doesn't do HTTP cookies inside an app. – Scott Salyer Oct 11 '12 at 20:39
  • http://stackoverflow.com/questions/6747263/how-to-access-httpcontext-current-user-username-in-wcf-service http://stackoverflow.com/questions/9650098/passing-httpcontext-current-user-identity-to-wcf – Joe Dec 04 '12 at 18:33
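An added example, not code from the answer or the linked pages: a sketch of the custom authorization policy the answer describes, with the one assignment from the answer placed inside a full `IAuthorizationPolicy` implementation. The class name `HttpContextPrincipalPolicy` is hypothetical. It assumes the service is hosted in IIS with ASP.NET compatibility mode enabled, since `HttpContext.Current` is null otherwise, and it falls back to an unauthenticated principal when no authenticated user is present.

```csharp
using System;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Principal;
using System.Web;

// Hypothetical class name. Register it in the service behavior:
//   <serviceAuthorization principalPermissionMode="Custom">
//     <authorizationPolicies>
//       <add policyType="Namespace.HttpContextPrincipalPolicy, AssemblyName" />
//     </authorizationPolicies>
//   </serviceAuthorization>
public sealed class HttpContextPrincipalPolicy : IAuthorizationPolicy
{
    private readonly string id = Guid.NewGuid().ToString();

    public string Id { get { return id; } }

    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        // HttpContext.Current is only populated when the service runs with
        // <serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> and
        // the service class allows or requires ASP.NET compatibility.
        HttpContext http = HttpContext.Current;
        IPrincipal user = http != null ? http.User : null;

        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
        {
            // No authenticated caller: install an empty, unauthenticated
            // principal with no roles so that role demands fail explicitly.
            user = new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);
        }

        // With PrincipalPermissionMode.Custom, WCF takes the principal for the
        // operation from this property, which is what PrincipalPermission
        // demands on the service methods are evaluated against.
        evaluationContext.Properties["Principal"] = user;

        // true: this policy is finished and does not need to be re-evaluated
        // when other policies add claims.
        return true;
    }
}
```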