WCF authentication with multiple providers

There is the following design: the back-end implemented as WCF, the public front site and two intranet sites (all three talking to the back-end). I believe that authentication on the sites is not enough (i.e. passing ClientID to WCF in each request as a parameter) and i want to protect my back-end (WCF) with authentication to perform double-check and have PrincipalPermission on the methods with roles specified.

I'm sure that identity names from both providers do not cros开发者_运维问答s (public logins are digits only and the intranet will be something like 'DOMAIN\Login'). The front site uses forms auth and its provider returns GenericPrincipal. The intranet sites use Windows auth and i have WindowsPrincipal attached to Page.User.

Is it possible to configure WCF to use two membership providers (custom one that the front site uses and Windows) out of the box, without writing another custom code? Is it important how my WCF is hosted? Currently it's windows service. Do i need to switch to IIS 7?

I don't think so - you can have only one membership provider. But you can have a custom provider that can authenticate against two different stores based on credentials presented. For example, it can check if user name is like domain\login then try against active directory otherwise try against web site provider.

Yet another idea is to have two different end points for the service. Each will be configured with specific provider. Service implementation would remain same - inside, you have to go for claim based authorization. Check this article for more info: http://www.theserverside.net/tt/articles/showarticle.tss?id=ClaimsBasedSecurityModel