tags:

views:

371

answers:

2
+1  Q: 

How can I forms authenticate a user in a custom webservice?

I am working on integrating a silverlight site into our existing application and am trying to get the login functionality working. The Silverlight application needs to have it's own login page, and the login needs to utilize the existing ASP.NET forms authentication. As part of the login procedure, we are calling some external code, so using the scriptable methods that System.Web.ApplicationServices.AuthenticationService exposes is not an option. I tried to use FormsAuthentication.Authenticate to do this, but it didn't work. Does anyone have any ideas on how to get around this?

+1  A: 

It sounds as though you need to create a wrapper websevice which can implement the forms authentication support.

This is something I've done so for example I've created a WCF service with the following interface which is referenced by my Silverlight client:

[ServiceContract]
    public interface IAuthenticationService
    {
        [OperationContract()]
        string Login(string username, string password, bool isPersistent);
        [OperationContract()]
        bool Logout();
        [OperationContract()]
        string IsLoggedIn();     
    }

and then in my implementation you can call custom code and also use the forms authentication api, for example to login you could have:

try
            {
                //Call you external code here
                //Then use the membership provider to authenticate
                if (Membership.ValidateUser(username, password))
                {

                    FormsAuthentication.SetAuthCookie(username, isPersistent);

                }
            }
            catch (Exception ex)
            {
                Logging.LogException("Error in Login", ex);
            }

Also not you need to include the following attribute above you class definition in your service implementation to have asp.net compat enabled which will give you access to the HttpContext:

 [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
Andy Britcliffe  2009-07-07 08:32:02
A: 

The solution is simple. Just create a custom membership provider that calls your custom code. See this article on MSDN library for more information. There are also full samples available on 15 seconds and a walkthrough video on the ASP.NET website. Finally, it appears Microsoft has released the source for the built-in Membership Provider

Mike Brown  2009-07-07 14:05:04

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security