tags:

views:

547

answers:

1
Q: 

Impersonate FormsAuthenticated user in HttpHandler for WCF call

I'm using HttpHandlers to generate PDF report files "on-the-fly" using the authenticated user context. However, to create the report PDF file I need to call a method on a secure WCF service with the context of the caller (the authenticated user).

I saw plenty of answers for the Windows authentication but I'm using plain old Forms authentication so the answers don't apply. The authentication on the service side is done using ASP.NET membership (same server that hosts the HttpHandler).

There should (I hope) be a way for me to just pass on the caller context to the service.

I'm afraid I didn't make myself clear enough.

What I have is a WCF service and an HttpHandler. The user is authenticated with the WCF service with ASP membership.

What I want to do is, in the HttpHandler, be able to do

SetContextAsCaller();
myWCFService.MyMethodCall();

and have MyMethodCall() called using the HttpCaller's context to pass on its ASP ticket/username etc.

+1  A: 

You could - depending on what binding and thus transport protocol you use - use UserName/Passwort authentication, and instruct the WCF server side to use ASP.NET membership provider for authenticating the incoming callers.

Check out the Fundamentals of WCF Security and this blog post series on WCF security scenarios - they contain a lot of very useful information on how to use and set up WCF security.

Does that help, or do you need additional info? If so: what do you need?

Marc

UPDATE:
OK, after you commented, here are a few more articles that deal specifically with a WCF service impersonating the caller - hope these help:

marc_s  2009-08-06 15:22:08
Thanks for the quick answer but that's not what I need. I already have a secure WCF service. This is my issue because in the service I use ASP membership to validate the caller and get its user ID. When I call the service through the HttpHandler, I loose the caller's context and the service call fails.I'd like to impersonate the HttpHandler's caller when making the call to the WCF service.
R4cOON  2009-08-07 06:14:02
OK, updated my answer with some additional articles on WCF impersonation - do these help?
marc_s  2009-08-07 06:45:16

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps