I am in the process of building an application where clients (WPF) will be calling a web service to send data. These clients will have different roles: Employees, Managers, etc. and each client needs to send their username/password when calling the web service for authentication.
Can I use the ASP.NET membership provider for authentication/authorization in a class library that is wrapped by web services? Or this API should be used "only" in Asp.NET applications?
what other options do I have?
I have written command line tools to do maintenance on ASP.NET membership databases without any problem, so at a basic level there's no problem with non-ASP.NET applications calling into the ASP.NET membership methods.
Since you'd be doing without the ASP.NET controls that automate most of the membership handling, you'd have to write your own code to check passwords and roles. The following methods will probably help do this:
SqlMembershipProvider.FindUsersByNameSqlMembershipProvider.GetPassword (for this to work you must configure the membership provider to store encrypted passwords instead of hashed password)SqlRoleProvider.IsUserInRoleSo I think it's possible to make it all work. BUT there's no promise that at some point there won't be an awkward obstacle that will stop this working outside of ASP.NET, so prototype it first before committing a big project!