How to use authentication cookie from WCF Authentication Service in an ASP.Net MVC application

Question

Okay, I've had little luck finding any documentation or tutorials for my specific scenario.

I have an ASP.Net MVC web application that will be using WCF services for everything including authentication and roles (via membership providers on the WCF backend).

I've had no problem setting up the authentication services but it does not set a cookie in the web app. The docs for the Login method of the service indicate that wiring up the CreatingCookie Event is possible, but it does not have any affect on the client (I tried on the service side as well, again no affect). So I figured out how to capture the cookie. I have tried to manually set the auth cookie on the client, but so far it is not working; decrypting fails due to padding, and setting the cookie value from the one given by the server is not readable by the client.

Does anybody know how you are supposed to use the cookie that is generated by the WCF Authentication Service? Do I just assume the session is all managed on the WCF server and just check IsLoggedIn() on the service at every page load?

Thanks in advance.

Answer 1

Tap,

I have recently been trying to implement the same functionality you have described. I have managed to get it working with the following code:

    private readonly AuthenticationServiceClient service = new AuthenticationServiceClient();

    public void SignIn(string userName, string password, bool createPersistentCookie)
    {
        using (new OperationContextScope(service.InnerChannel))
        {
            // login
            service.Login(userName, password, String.Empty, createPersistentCookie);

            // Get the response header
            var responseMessageProperty = (HttpResponseMessageProperty)
                OperationContext.Current.IncomingMessageProperties[HttpResponseMessageProperty.Name];

            string encryptedCookie = responseMessageProperty.Headers.Get("Set-Cookie");

            // parse header to cookie object
            var cookieJar = new CookieContainer();
            cookieJar.SetCookies(new Uri("http://localhost:1062/"), encryptedCookie);
            Cookie cookie = cookieJar.GetCookies(new Uri("http://localhost:1062/"))[0];

            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            if (null != ticket)
            {
                //string[] roles = RoleManager.GetRolesFromString(ticket.UserData); 
                HttpContext.Current.User = new GenericPrincipal(new FormsIdentity(ticket), null);
                FormsAuthentication.SetAuthCookie(HttpContext.Current.User.Identity.Name, createPersistentCookie);
            }
        }
    }

It does exactly what you have described the comment to your question.