.Net authentication for both web and winforms

Question

I have an ASP.NET web application I built for a client that uses default the ASP.NET forms authentication. They are now requesting a desktop (WinForms) app that works "with" the web application. I have created the webservices to access the data they want from the web app and put it into the desktop app. That works great.. but there needs to be the same level of security and data access based on roles that is already stored in the asp.net application.

So now it's time to make authentication work across both applications. I would like to take advantage of the asp.net authentication by prompting a login when a user first opens the WinForms application and the calls possibly a web service to authenticate the user, get the users role, and profile.

I'm sure this has done and or asked about.. I'm just not finding the question/answer in SO.

Answer 1

First: Use WCF for your web services. It's a better framework than the old ASMX services.

Second: WCF can utilize the same RoleProvider and MembershipProvider classes that your ASP.NET application utilizes. It's a simple configuration switch. Use them both and your web service requires the same credentials as the web application.

And... that's pretty much it.

For more info, see:

Implementing a Role Provider

Implementing a Membership Provider

How to: Use the ASP.NET Membership Provider

Answer 2

To add to Randolpho's answer: another feature users might like is the ability to save their credentials rather than entering them every time they start your application. You can use the Credential Management API for this as described in this answer.