WCF with Forms Authentication

Question

I've a asp.net 4.5 webforms project with WCF REST services. The aspx pages call these services from code behind using HttpClient. All the get and post services work fine.

We recently added Forms Authentication to the whole solution and it redirects to the login page when I try to access any page or WCF service (ex: localhost/Service/Test.svc). When I login and try to hit the service from aspx page's code behind using HttpClient, it doesn't pick up my HttpContext on WCF and instead returns me the html of the login page. I've the following added to the WCF settings in web.config:

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />

and also this attribute on my service class:

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]

and tried to pass all the cookies from HttpContext to HttpClient instance using WebRequestHandler() handler:

var handler = new WebRequestHandler();
                CookieContainer cc = new CookieContainer();
                for (int i = 0; i < Request.Cookies.Count; i++)
                {
                    Cookie oC = new Cookie();
                 // Convert between the System.Net.Cookie to a System.Web.HttpCookie...
                    oC.Domain   = "ss";
                    oC.Expires  = Request.Cookies[i].Expires;
                    oC.Name     = Request.Cookies[i].Name;
                    oC.Path     = Request.Cookies[i].Path;
                    oC.Secure   = Request.Cookies[i].Secure;
                    oC.Value    = Request.Cookies[i].Value;
                    cc.Add(oC);
                }
                handler.CookieContainer = cc;
                handler.UseDefaultCredentials = true;
                handler.AllowPipelining = true;
                handler.UseCookies = true;                
                using (var client = new HttpClient(handler)){}

web.config:

<authentication mode="Forms"> 
  <forms defaultUrl="~/" loginUrl="~/Account/Login"></forms> 
</authentication> 
<authorization> 
  <deny users="?"/> 
</authorization> 
</system.web> 
<location path="Service/TestService.svc"> 
 <system.web> 
  <authorization> 
   <allow users="*"/> 
  </authorization> 
 </system.web> 
</location>

Am I doing something wrong in the code or is it not possible for the WCF service to be on same project as the client and use the HttpContext? Please let me know if more code is required. I'm not sure what should I provide as not much of it is that complicated.

-Thanks

Can we see your code for the WCF method and the `system.web/authentication` part of your `web.config`? Also, you say that the .aspx calls WCF - are they on different servers, or IIS instances? — geedubb, Dec 27 '13 at 17:44
web.config: I think the web.config won't be formatted correctly. But I hope you'll get the joist. The wcf and aspx are on the same IIS instance, same website. — jacob, Dec 27 '13 at 17:48
What is the reason you make an `.aspx` page call a `WCF` on the same instance? I mean if you want to expose both to a client then why not call common methods from both places? — geedubb, Dec 27 '13 at 17:54
we've not decided if we'll move the services out. Technically I can just hit the database directly from aspx. In the future we might host the services out, but want to build the infrastructure now. Is what I'm trying to achieve not possible with WCF. — jacob, Dec 27 '13 at 17:58
This is definitely possible. Can you try using `WebClient` rather than `HttpClient` to make the request. See http://stackoverflow.com/questions/12212116/how-to-get-httpclient-to-pass-credentials-along-with-the-request — geedubb, Dec 27 '13 at 18:38
tried webclient with the following code:- using (var client = new WebClient(){UseDefaultCredentials = true}) { Stream stream = client.OpenRead(Url); StreamReader reader = new StreamReader(stream); string s = reader.ReadToEnd(); - Still getting the same error as with HttpClient. On the link they impersonate the windows identity, I'm not sure how I can do that with FormsIdentity as instance of FormsIdentity doesn't have Impersonate() method. — jacob, Dec 27 '13 at 22:04
I also tried to add this to the project: http://msdn.microsoft.com/library/bb398990 but didn't get. Thanks! — jacob, Dec 30 '13 at 22:10

WCF with Forms Authentication

0 Answers0