authentication issues in RIA Domain Service (Access to operation denied)
DomainService1 is a RIA Domain Service that is exposed as a SOAP service. This service was secured by using the [RequiresAuthentication] and [RequiresRole("xyz")] attributes.
In web.config, the roleManager has been enabled and the authentication mode is set to Forms.
A test client uses the following code to authenticate and invoke a remote service operation:
    var auth = new myAuth.AuthenticationDomainServiceSoapClient();
    var svc = new mySvc.DomainService1SoapClient();
    try
    {
        string myCookie;
        using (new OperationContextScope(auth.InnerChannel))
        {
            var user = auth.Login(svcUser.Text, svcPass.Text, false, string.Empty);
            var res = (HttpResponseMessageProperty)OperationContext.Current.IncomingMessageProperties[HttpResponseMessageProperty.Name];
            myCookie = res.Headers[HttpResponseHeader.SetCookie];
        }
        using (new OperationContextScope(svc.InnerChannel))
        {
            var octx = OperationContext.Current;
            HttpRequestMessageProperty request = new HttpRequestMessageProperty();
            request.Headers["Cookie"] = myCookie;
            OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = request;
            var results = svc.GetItems();
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
I can see the call to auth.Login actually returns the right user, and in that object I can see the role is set properly. However, the call to GetItems fails and an exception that says "Access to operation denied" is raised.
Am I overlooking something? Can you see anything obvious that I am missing out?
Thanks in advance,
Cheers, Gianluca.
[EDIT] I'd like to add that in the EventLog I get this: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Any idea of the reason?
Cheers.
I had a similar issue (exception) when the data I stored in the cookie is too long. Try to store only important data in the session cookie, as it is limited to 4k. Even though login is successful, on subsequent calls it throws the access is denied error, because the cookie is too big.
The answer posted to this RIA Authentication from a Web Services project question seems to provide the missing link.
The additional step missing from your code (and mine) is the FormatCookie() method used to read the HttpResponseHeader.SetCookie property.
    /// <summary>
    /// Formats a request cookie string from the cookies received from the authentication service
    /// </summary>
    /// <param name="input">The cookie string received from the authentication service</param>
    /// <returns>A formatted cookie string to send to data requests</returns>
    private static string FormatCookie(string input)
    {
        string[] cookies = input.Split(new char[] { ',', ';' });
        StringBuilder buffer = new StringBuilder(input.Length * 10);
        foreach (string entry in cookies)
        {
            if (entry.IndexOf("=") > 0 && !entry.Trim().StartsWith("path") && !entry.Trim().StartsWith("expires"))
            {
                buffer.Append(entry).Append("; ");
            }
        }
        if (buffer.Length > 0)
        {
            buffer.Remove(buffer.Length - 2, 2);
        }
        return buffer.ToString();
    }
Personally I've used the CookieManager technique described here http://blogs.msdn.com/b/davrous/archive/2010/12/03/how-to-open-a-wcf-ria-services-application-to-other-type-of-clients-the-soap-endpoint-3-5.aspx and then added the FormatCookie() method to it to get it working.
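An added example, not part of the answers above or of the linked posts: a variant of the filtering step that trims each entry and matches Set-Cookie attribute names case-insensitively, run on a constructed header. The class and method names and the sample cookie values are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;

static class SetCookieToCookie
{
    // Set-Cookie attribute names: they describe the cookie and are never sent back to the server.
    static readonly HashSet<string> Attributes = new HashSet<string>(
        new[] { "path", "expires", "domain", "max-age", "samesite" },
        StringComparer.OrdinalIgnoreCase);

    // Builds a Cookie request header value from a comma-joined Set-Cookie response header.
    // Assumption: cookie values contain no ',' or ';' (a split on those characters would cut them).
    public static string ToCookieHeader(string setCookie)
    {
        if (string.IsNullOrEmpty(setCookie)) return string.Empty;

        var pairs = new List<string>();
        foreach (string raw in setCookie.Split(',', ';'))
        {
            string entry = raw.Trim();
            int eq = entry.IndexOf('=');
            if (eq <= 0) continue;                    // flags (HttpOnly, Secure) and date fragments
            string name = entry.Substring(0, eq).Trim();
            if (Attributes.Contains(name)) continue;  // Path=, Expires=, Domain=, ...
            pairs.Add(entry);                         // a real name=value pair
        }
        return string.Join("; ", pairs);
    }

    static void Main()
    {
        // Constructed sample: two cookies folded into one header value, each with attributes.
        string setCookie =
            ".ASPXAUTH=0123ABCD; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/; HttpOnly," +
            "ASP.NET_SessionId=abc123; path=/; HttpOnly";

        Console.WriteLine("Raw Set-Cookie : " + setCookie);
        Console.WriteLine("Cookie header  : " + ToCookieHeader(setCookie));
    }
}
```

Sending the raw Set-Cookie value back unchanged puts the attributes and the date fragment into the Cookie header alongside the ticket, which is the step the question's code skips.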