Hi,
I know this question must have been discussed a million times in your organization. One more go.
I am designing a LOB application which has its business operations exposed as services.
These services would be accessed by our own web application (ASP.NET MVC), smart desktop clients, mobile clients, as well as our partners via either their web applications or single discrete calls.
As others are accessing the services and not only our web application, each call to the service needs to be authenticated and authorized.
What is the best and optimum security scheme? How do I pass the authenticated user's credentials in each call from my web application to the service? (Windows Identity Foundation??)
Is this the case for Windows Identity Foundation? If yes, what pieces fit where, and how?
Thanks for your help.
Regards.