I have a .NET MVC web application with a custom forms authentication implementation that uses a FormsAuthenticationTicket embedded in an HttpCookie to manage session-based security.
We are expanding the system and the .NET MVC server layer is now going to call a secondary layer of WCF services (using HttpClient to call RESTful services using JSON payloads). The secondary layer of services will be accessible over the internet and must therefore be secured.
What is the best way (and simplest way) for me to secure the second layer of services so that the first server layer can most easily and securely access them? Could I simply embed the existing HttpCookie containing the FormsAuthenticationTicket in the request to the second server layer?