What is the best way to authenticate web users from WCF coming from ASP.Net web application?
I have an asp.net mvc 2 web application that connects to a WCF web service hosted in IIS. This is in an intranet environment using windows authentication. I need to authenticate the user connecting to the web application inside inside of my WCF service, but the WCF cannot see who connected to the web app.
This ca开发者_如何学Gon't be a new problem, so how have some of you solved this issue?
Take a look at some of the intranet application scenarios on the below link:
CodePlex Security Guide
The following intranet scenarios are presented with security configuration guides and checklists that you might find useful:
Chapter 9 - Intranet - Web to Remote WCF Using Transport Security (Original Caller, TCP)
Chapter 10 - Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)
Chapter 11 - Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)
Chapter 12 - Intranet – Windows Forms to Remote WCF Using Transport Security (Original Caller, TCP)
If you are using Windows Authentication, one option may be to use delegation to pass the caller's identity from the web app to the WCF service.
Is a shared session an option?
WCF offers an attribute (AspNetCompatibilityRequirements) that (presumably among other things) makes the session state ASP.net compatible. This in turn allows you to use out-of-process session state management that can be shared between applications.
You can enable this using
[AspNetCompatibilityRequirements(RequirementsMode=AspNetCompatibilityRequirementsMode.Allowed]
And then in your configuration
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
...
</system.serviceModel>
If you go the SQL Server route, I wrote this a while back. It is sharing between asp.net and an asmx service, but on the SQL Server side I imagine things are the same. Basically you need to make SQL Server recognize both parts of the system as the same application.
WCF also uses the same membership providers as ASP.net, so you might be able to get something going that way.
精彩评论