1

I am currently writing a WCF service that will use ASP.NET Identity to perform all membership and claims related stuff. (That is, authentication, registration, and all will be performed by calling this WCF)

[DataContract(IsReference=true)]
public class ApplicationUser: IdentityUser
{
    [DataMember]
    public string FirstName { get; set; }
    [DataMember]
    public string LastName { get; set; }
    [DataMember]
    public string Email { get; set; }
}

The problem is that "IdentityUser" is a class in Microsoft.Aspnet.Identity.Core.Entityframework assembly, and this class is not marked with DataContract attribute. I am writing an operation in my WCF service to return ApplicationUser to the calling website.

Any idea of how to achieve this?

Nirman
  • 6,715
  • 19
  • 72
  • 139
  • 1
    Create a data transfer object (DTO) that has a data contract that has the same properties as the ApplicationUser class. You will have to do a transformation from your DTO to the ApplicationUser, and the other way. Use AutoMapper to do the transformation. Personally I do not see any real benefit of putting security behind a WCF web service. A network hop and serialization/deserialization on every authorization is really going to dog your web application. – Kevin Junghans Apr 01 '14 at 14:53
  • You mean to say, we need to keep ASP.NET Identity related code in the MVC website itself? I mean, it uses ApplicationDbContext which is a tight integration with the database, and that is why I thought to move that code to WCF for concern of separations. Not sure if it is a good approach. – Nirman Apr 02 '14 at 05:35
  • 1
    It is a good idea to separate it into a different layer, but that layer does not have be to be a web service. Take a look at SimpleSecurity https://simplesecurity.codeplex.com/ . It provides a layer over ASP.NET Identity and demonstrates how to customize it for email confirmation and other enhanced functionality. Your authorization functionality is not a good item to distribute because it is hit for every request from the web client. – Kevin Junghans Apr 02 '14 at 12:27
  • Thanks Kevin for the inputs, and your ideas. I have now successfully separated Identity related stuff from MVC project to different layers.. I agree that there is no point in moving Identity stuff into WCF or Web services... Please add this as an answer and will mark it. thanks – Nirman Apr 07 '14 at 08:24

1 Answers1

2

Create a data transfer object (DTO) that has a data contract that has the same properties as the ApplicationUser class. You will have to do a transformation from your DTO to the ApplicationUser, and the other way. Use AutoMapper to do the transformation.

Personally I do not see any real benefit of putting security behind a WCF web service. A network hop and serialization/deserialization on every authorization is really going to dog your web application.

It is a good idea to separate it into a different layer, but that layer does not have be to be a web service. Take a look at SimpleSecurity. It provides a layer over ASP.NET Identity and demonstrates how to customize it for email confirmation and other enhanced functionality. Your authorization functionality is not a good item to distribute because it is hit for every request from the web client.

Kevin Junghans
  • 17,475
  • 4
  • 45
  • 62