Hi, we are developing a browser-based intranet application. All users have an Active Directory account, so the obvious choice would be to use Integrated Windows Authentication. But multiple users will be accessing the same client machine, so we decided to use form-based authentication (but authenticated against AD).

In this scenario, what is the best way to authenticate between my ASP.NET application (IIS) and the WCF services (another server, IIS 7)? I don't want to use ASP.NET compatibility mode or certificates.

I am thinking of creating another domain account to authenticate ASP.NET to WCF. I am also passing information about the current ASP.NET user to WCF as header info. Is this the right way to do it? The following code is called from ASP.NET to access each service method.

 // Call the WCF service from the ASP.NET application using the new domain account for each call.
 // The proxy must be created before its credentials are set.
 ServiceReference.HelloWorldClient proxy = new ServiceReference.HelloWorldClient();
 proxy.ClientCredentials.Windows.ClientCredential.Domain = "mydomain";
 proxy.ClientCredentials.Windows.ClientCredential.UserName = "new_domain_account";
 proxy.ClientCredentials.Windows.ClientCredential.Password = "password";

Is there any better way to authenticate WCF from ASP.NET?

Thanks, Ash.

A: 

umm... if you have AD and they log in with their credentials it does not matter what machine they are on, just use AD. So what if they use the same machine.

In any case, Microsoft has a lot of information on this issue here:

http://wcfsecurity.codeplex.com/wikipage?title=Application%20Scenarios&referringTitle=Home

Check it out.

Hogan
The WCF service is set up with Integrated Windows Authentication. There will be many users accessing one client PC using their AD accounts. They don't want to log off Windows to access this application, so I set up form authentication. But after they log in (form), if they access WCF the identity will be the original Windows login user, not the form user.
Ash
Ah, I think I understand: you don't want to set up Kerberos. If you set up Kerberos then you can authenticate with AD on the web service without the user having to do anything. Or is this the better way you are talking about?
Hogan
Yes, I want to set up Kerberos and I want to authenticate with AD, but is there any way I can pass the currently authenticated ASP.NET form user to WCF so WCF treats it as the current user (AD user)? Currently WCF does authenticate, but as the original Windows login user, not the latest form user. Thanks for the link, but I couldn't find the right answer for it.
Ash
+2  A: 

There is nothing special about authenticating an ASP.NET app to WCF service. All normal auth options are available (username, X.509, windows).

The interesting part here is that you want to pass the browser-based client's credentials as well. This is a known pattern called a trusted subsystem. And yes, you can pass these in the header as long as the message is protected (encrypted).

Yaron Naveh
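The trusted-subsystem pattern described above, as an added example that is not from the question or any answer: the ASP.NET side authenticates to WCF as one service account over message security and forwards the forms-authenticated user in a header; the service side accepts that header only when the Windows caller is the service account. The header name/namespace, the service account name, the endpoint URL and the `HelloWorld()` operation are assumptions.

```csharp
using System;
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Web;

// Header name/namespace, service account and endpoint URL are assumptions for this example.
static class TrustedSubsystem
{
    public const string HeaderName = "OriginatingUser";
    public const string HeaderNs   = "urn:example:trusted-subsystem";
    public const string ServiceAccount = @"mydomain\svc_wcf_caller";

    // Client side (ASP.NET): authenticate as the service account, forward the forms user in a header.
    public static string CallHelloWorld(string endpointUrl)
    {
        // Message security with Windows credentials: the header travels signed and encrypted.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

        var proxy = new ServiceReference.HelloWorldClient(binding, new EndpointAddress(endpointUrl));
        // Service-account credential (read it from protected config in practice), never the user's.
        proxy.ClientCredentials.Windows.ClientCredential =
            new NetworkCredential("svc_wcf_caller", "password-from-config", "mydomain");

        string formUser = HttpContext.Current.User.Identity.Name; // forms-authenticated AD user
        using (new OperationContextScope(proxy.InnerChannel))
        {
            OperationContext.Current.OutgoingMessageHeaders.Add(
                MessageHeader.CreateHeader(HeaderName, HeaderNs, formUser));
            return proxy.HelloWorld();   // HelloWorld() is an assumed operation name
        }
    }

    // Service side: accept the forwarded identity only from the trusted service account.
    public static string OriginatingUser()
    {
        var caller = ServiceSecurityContext.Current.WindowsIdentity;
        if (caller == null ||
            !string.Equals(caller.Name, ServiceAccount, StringComparison.OrdinalIgnoreCase))
            throw new FaultException("Caller is not the trusted subsystem account.");

        var headers = OperationContext.Current.IncomingMessageHeaders;
        int idx = headers.FindHeader(HeaderName, HeaderNs);
        if (idx < 0)
            throw new FaultException("Originating-user header missing.");
        return headers.GetHeader<string>(idx);   // authorize the operation as this user
    }
}
```

Without the caller check on the service side, any client that can reach the endpoint could claim an arbitrary user in the header, so the check is the part that makes the forwarded identity trustworthy.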
+1  A: 

This sounds like it's not a WCF problem but a problem with the browser transparently authenticating.

Try disabling Windows-integrated authentication in IIS for the ASP.NET app, and switching to either Basic or Digest authentication. Both of these will still authenticate against AD, but the browser will not transparently authenticate the logged-on user.

Then in your ASP.NET app, just have it use impersonation and pass whatever credentials IIS is aware of to the WCF service that you're calling.

Brad
A: 

I don't know ASP.NET at ALL, but I have done some WCF, and I think what you need to do is get the "form login" to then impersonate the user in the current thread, and then initiate the WCF connection to the other server. Take a look at this article on MSDN for a quick overview of some of this purely within WCF. I don't know how you'll integrate this into the ASP.NET side (like I said, I know zero about that technology), but conceptually I think this is what you'll have to do.

Kevin