Hi All,
I am developing a Silverlight 3 application using WCF RIA Services. I am using the AuthenticationBase class to handle my authentication. As I understand it, under the hood this uses the ASP.NET authentication libraries.
When I log into the site the authentication service handles login state so that if I close the site and open it straight away I am still logged in according to the server. When the webpage is refreshed or closed and reloaded I can call the method,
WebContextBase.Current.Authentication.LoadUser()
And it goes back to the authentication service (running on the server) and figures out whether I am still logged into the site. If a timeout has occurred, the answer will be no. If that is the case, I can show a login dialog.
The problem I want to solve is that the authentication service consumes the password, and there is no way I can ever retrieve that password again.
If the user logs into the site I want to store the password on the server, and return a token to the client side to match up with that password. I have some other services on the server side that need that password.
So where should I store that password on the server? How can that be done? How does the WCF authentication store state?