I am new to all the web thing so the question may seem trivial but not to me. The implementation logic is:
ASP.NET MVC 3 -> WCF Service -> SQL Database
Authentication and authorization in ASP.NET MVC3 use custom Membership and Role providers because all the log in details are stored in SQL Database. There is a requirement to implement authorization to WCF service too. That uses the same credentials as ASP.NET MVC 3. I have implemented Username type for WCF security using custom UsernameValidator.
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" />
</security>
It works for the first time, when user logs in to the web site because there are credentials. However, after FormsAuthentication.SetAuthCookie on ASP.NET MVC 3, the user name is all I have. As MVC approach consists of variety of controllers, I have to create instance of WCF client on each and every of them. But without credentials it does not make sense.
[Authorize]
public class MyController : Controller
{
private WebServiceClient ServiceClient = new WebServiceClient();
public ActionResult Index(string userName)
{
var model = ServiceClient.GetDataList();
return View(model);
}
}
The new instance does not use existing session. It creates a new one with blank credentials.
- Is there a secure way of creating instance of WCF client per session?
- Or an option of WCF accepting ASP.NET authentication?
- What is the best way of attaching asp.net authentication to wcf request?
