Passing user's identity across tiers with ASP.NET and WCF

Question

I'm new to WCF. Let's say I have two asp.net apps, one that uses windows authentication (an intranet app), and one that uses forms authentication (an internet app). I want both of these applications to have a service reference to a physically separate machine where all my business logic will live (in WCF). So, the app is like this:

Browser --> ASP.NET --> WCF. When the call ends up in the WCF tier, I need to know the username that ASP.net obtained (User.Identity.Name).

With .NET Remoting, I created a custom principal that I stashed in the LogicalCallContext. Then with a custom remoting sink on the remoting server side, I set the current thread principal to the principal in the LogicalCallContext.

What is the correct way to do something like this with WCF? Again, my WCF service may only be called by the service account running ASP.NET, but I need to know who the call is ultimately on behalf of.

Answer 1

I guess you'll want to check WCF Membership provider. I posted a few months about it http://sgomez.blogspot.com/2007/12/wcf-membership-provider-sample.html follow the links and also I'd recommend the book Learning WCF by Michele LeRoux Bustamante.

Good luck! (you're gonna need it)

Answer 2

Does your WCF service authenticate and trust the ASP.NET apps (e.g. using Windows Authentication to authenticate the service account under which the ASP.NET apps run).

If so, you could consider passing information about the ultimate caller in a custom SOAP header.

You can hide the gory details from your application code using a custom WCF behavior with a ClientMessageInspector that adds the SOAP header on the client side and a DispatchMessageInspector that processes the SOAP header on the server side.