views:

43

answers:

0

The setup:

  • ASP.Net website with login required before accessing any directory of the website

`

<authorization>
  <deny users="?"/>
  <allow users="*"/>
</authorization>

`

  • the website is also a host for WCF service which is used by external applications to bypass the firewall (service isn't used by the website at all)

  • external thick-client desctop application which requires login (with the same credentials as the website login) but after successfull login needs to call WCF service hosted on the website

The problem that I'm running into is that once the user logs into the thick client and tries to call the service, the response is the HTML of the login page which it being automatically redirected to. I am confused as to how to bypass this security layer but still not expose the services bare to the world.

Ideally, I would like the thick client to login (under some obscure ThickClientUser username) and then create the same sort of cookie as it normally would for the website login. I would then use the <allow user="..."/> to hardcode the ThickClientUsername to allow access to the directory where my services are stored.

Is there any way to create some web app equivalent cookie for thick client that I can use to access some directories on the website?