views:

496

answers:

2

My scenario is this - I have two ASP.net websites. Both sites run on the same machine and I have implemented single sign on relatively simply using the default asp.net membership provider (Forms based authentication).

I have a new WCF service on one site, which will be called from the other site. A user will be logged into the site, but the call to the service will be made from the codebehind following a postback.

Can somebody point me in the right direction so that I can pass through the Forms based credentials of the logged in user to the WCF service on the other site? Presently it's passing the NETWORKSERVICE windows credentials.

+2  A: 

Check out the WCF Security Guidance on CodePlex, and most notably:

How To – Use Username Authentication with the SQL Server Membership Provider and Message Security in WCF from Windows Forms

It shows quite nicely, step by step, what config you need on the server to make your WCF service use message security with user authentication against an ASP.NET membership store.

Also check out the article Fundamentals of WCF Security - page 3 shows the options about authentication and authorization - quite informative as well!

Hope this helps!

marc_s
Thanks for the links, very interesting.
Paddy
A: 

Sounds like you're after Impersonation, which would allow you to pass on the original caller's identity to the second service call.

See the CodePlex Link - Impersonation in WCF

Tanner