I have this existing environment:

1) ASP.NET 3.5 web application

2) forms authentication with the SqlMembershipProvider

I need to add the following:

1) a Silverlight charting object embedded in a web page.

2) a WCF service to be consumed by:

 a) the Silverlight component embedded in an authenticated web page, as mentioned above

 b) server-based WCF clients with certificate based authentication

My question is - what is the easiest/best way to configure the WCF endpoints for the Silverlight object to authenticate to the WCF service using the security context of the already logged-in user (via the page that’s hosting the Silverlight object) without having to use the user's username/password again?

I've researched a lot of the MSDN and Patterns & Practices material and I thought I had a decent grasp of many of the potential authentication scenarios. But I can't seem to figure out a way to tie them together for the scenario I've outlined. I've found other people posting similar questions to mine but none of the answers I've read seem to fully answer their questions either. (Maybe I'm making this harder than it needs to be?)

I would think that the solution would be to somehow use the authentication token/cookie generated in the asp.net form login and somehow pass that to the Silverlight object which then includes it in the WCF request. But I don't see how to configure the WCF endpoint to use that token.

(In some of my other projects I've implemented the server-to-server scenario in 2.b above using certificate-based authentication, so I'm not too worried about adding that to the current mix I've outlined.)

Thanks in advance for any insight or pointers to the path forward.

Terry

A: 

Have you tried to enable your WCF services with aspNet compatibility, then see if the following is true.

string currentUserName = HttpContext.Current.User.Identity.Name;
bool isLoggedIn = HttpContext.Current.User.Identity.IsAuthenticated;

If these properties are being populated with the expected values, then this is the one you are after.

To enable aspNet Compatibility

add to web.config

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />

add to the service impl class

[AspNetCompatibilityRequirements
  (RequirementsMode=AspNetCompatibilityRequirementsMode.Required)]

In this case, the endpoint would be using basicHttpBinding, and you could check the authentication at run time within WCF.

codemeit
tblank
Well, check out http://msdn.microsoft.com/en-us/library/bb398990.aspx. It is an example of exposing an authentication service, but the WCF does use form auth. Hopefully it will give you a clue.
codemeit
A: 

Thanks codemeit for trying to help but I finally figured out what I was doing wrong - it was pilot error.

In trying to configure the endpoints for my Silverlight app I was testing with an asp.net page. I finally realized that when I test that way, the client endpoint is no longer originating from the authenticated browser - the client endpoint is the IIS server which in turn executes the request against the WCF server endpoint. So the security context changes and HttpContext.Current.User.Identity is always empty at the WCF server endpoint.

Once I got my test SL app running in the browser, it automatically inherited the security context of the authenticated browser and then HttpContext.Current.User.Identity was correct and authenticated at the WCF server endpoint.

tblank
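
The following is an added example, not code from either answer: a service class that requires ASP.NET compatibility mode, as the first answer suggests, and rejects any call that arrives without an authenticated forms-auth identity, which is the case the second answer hit when the request came from the IIS server instead of the logged-in browser. The contract and member names (IChartDataService, ChartDataService, GetSeriesOwner, RequireAuthenticatedCaller) are hypothetical, and the web.config setting aspNetCompatibilityEnabled="true" shown above is assumed to be in place.

```csharp
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.ServiceModel.Security;
using System.Web;

// Hypothetical contract used only for this illustration.
[ServiceContract]
public interface IChartDataService
{
    [OperationContract]
    string GetSeriesOwner();
}

// Required: the service will not activate unless ASP.NET compatibility is enabled,
// so every request passes through the forms-authentication module first.
[AspNetCompatibilityRequirements(
    RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class ChartDataService : IChartDataService
{
    public string GetSeriesOwner()
    {
        IIdentity caller = RequireAuthenticatedCaller();
        // Derive the user from the server-side identity, never from a
        // user name supplied in the request body.
        return caller.Name;
    }

    private static IIdentity RequireAuthenticatedCaller()
    {
        // Defensive check: HttpContext.Current is null outside the ASP.NET pipeline.
        HttpContext context = HttpContext.Current;
        if (context == null || context.User == null)
            throw new SecurityAccessDeniedException("No ASP.NET security context.");

        IIdentity identity = context.User.Identity;
        // A request that does not carry the browser's forms-auth cookie
        // (for example, one issued by server-side code) is unauthenticated here.
        if (!identity.IsAuthenticated)
            throw new SecurityAccessDeniedException("Caller is not authenticated.");

        return identity;
    }
}
```

Failing closed in each operation means a request issued by server-side page code, which does not carry the user's cookie, is refused outright and never runs with an empty identity.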