How to set WCF security when Calling WCF from a web applicaion that shares same ASPNET membership with WCF service?

NET web application and a WCF Application that share the same ASP.NET membership database. They are both sharing the same ASP.NET membership database.

It is basically like:

WCF: is https://ServerName/Services.svc ASP.NET: is https://ServerName/Default.aspx

(both are two virtual folders in the same web application and both are using the开发者_运维问答 same ASP.NET membership database).

The user logs on to the ASP.NET application and can then decide to call the WCF service.

What are my options for setting the security for the call between the ASP.NET and the WCF service that make the call using the credentials supplied by the user when logging to the ASP.NET application?

If you run you application in ASP.Net Compatibility mode. You will get all the security features available with ASP.Net. Things such as HttpContext.Current.User will point to the logged in user.

For the fastest implementation (by fastest I mean to get up and running) get Juval Lowy`s ServiceModelEx library from http://www.idesign.net and use his declarative security library.

I have used this library a lot and it works well.