Hi,

I have a Silverlight application that calls my WCF services, so it's a basicHttpBinding, and we use forms authentication. I want to do an authentication check for every call that I receive except for the "AuthenticationService" (as this is the method which will do the basic authentication for login), so after the user logs in and tries to call other services, I want this authentication check to be performed so that only authenticated users will be granted access to them. Is there a best way to implement this?

After searching through various blogs, I came to know that we can use the HttpContext.Current....IsAuthenticated property to check whether the user is authenticated or not. But my question is: how secure and valid is HttpContext? Can we rely on that, or should we be using OperationContext? (And yes, aspNetCompatibility is set to true.)

Please suggest!!

Thanks in advance
Sai

A: 

Here are some articles that may help:

http://msdn.microsoft.com/en-us/library/dd560702%28VS.95%29.aspx
http://silverlightuk.blogspot.com/2008/03/silverlight-wcf-and-aspnet.html
http://smehrozalam.wordpress.com/2009/01/07/securing-silverlight-application-and-wcf-service-using-aspnet-authentication-techniques/

The short answer is you can use the ASP.NET controls to do authorization, or use HttpContext.Current directly (as long as AspNetCompatMode is enabled).

alexdej
Thank you for your reply... So I will go on with HttpContext then..
Sai
+1  A: 

If you're hosting your WCF services in the ASP.NET runtime (i.e. <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />) then you should absolutely be able to rely on ASP.NET's security system.

Check out this answer I gave to another question on how to leverage ASP.NET security for ASMX services. The same approach can be used to secure a WCF service as long as you're enabling ASP.NET as your service hosting environment.

Drew Marsh
Thank you for your reply... I did not understand how to apply Step #3 that you mentioned in the link for a WCF service... If I apply authorization (<deny users="?">) then I cannot even find my WCF service; using the URL "http://localhost/myservice.svc" gives me an error... HTTP 404 resource not found... Then I cannot add my service to other projects. How can I apply authorization?
Sai
You should be getting a 401 if anything. However, you said you have forms authentication enabled, so the forms auth module should be capturing that and doing its redirect to the login form. I'm assuming this service is some kind of AJAX bridge the way you've described it, otherwise forms authentication makes no sense.
Drew Marsh
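
One way to run the per-call check asked about in this thread, as an added example that is not code from any of the posters: a WCF `ServiceAuthorizationManager` that lets the login service through and requires an authenticated forms ticket for everything else. The namespace, assembly name and the assumption that the login service's implementation class is called `AuthenticationService` are hypothetical.

```csharp
using System;
using System.ServiceModel;
using System.Web;

namespace MyApp.Security // hypothetical namespace
{
    // Register in a service behavior in web.config (assembly name "MyApp" is assumed):
    //   <serviceAuthorization
    //       serviceAuthorizationManagerType="MyApp.Security.FormsAuthAuthorizationManager, MyApp" />
    // WCF calls CheckAccessCore before dispatching each operation; returning
    // false makes the call fail with an access-denied fault.
    public class FormsAuthAuthorizationManager : ServiceAuthorizationManager
    {
        // Assumed class name of the service that performs the login itself.
        private const string AnonymousService = "AuthenticationService";

        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            // The login service must stay reachable before a ticket exists.
            Type serviceType = operationContext.Host.Description.ServiceType;
            if (serviceType != null && serviceType.Name == AnonymousService)
            {
                return true;
            }

            // HttpContext.Current is only populated when the service runs with
            // aspNetCompatibilityEnabled="true" under ASP.NET; fail closed if not.
            HttpContext http = HttpContext.Current;
            if (http == null || http.User == null || http.User.Identity == null)
            {
                return false;
            }

            // IsAuthenticated is true only after FormsAuthenticationModule has
            // validated the ticket cookie sent with this request.
            return http.User.Identity.IsAuthenticated;
        }
    }
}
```

Because the check fails closed when `HttpContext.Current` is null, a service that is later moved out of ASP.NET compatibility mode rejects every call instead of silently accepting anonymous ones.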