Here's what I'm trying to do.
We have an SSO authentication service that other externally facing web pages and services use to authenticate users. A user tries to reach a service; if no cookie is found containing an authentication token, they are redirected to the SingleSignOn authentication service. The auth service does its work, and redirects the user (HTTP 302) to the original URL with their encrypted authentication token in the URL. Great.
How can I invoke this from a WCF POX service? No SOAP here, just HTTP GET/POST with XML responses.
What I'm currently doing is, in each service method implementation, checking the headers for the cookie. If the cookie exists, verify the auth token and process the request. If the cookie doesn't exist or the auth token has expired, then respond with:

    WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Redirect;
    WebOperationContext.Current.OutgoingResponse.Location = string.Format( authServiceURL, returnURL );

That works, but isn't integrated with any of the WCF features, and requires me to manually code for a whole bunch of scenarios. Is there a way I could implement this using these classes:

    <serviceCredentials>
      <issuedTokenAuthentication>
      </issuedTokenAuthentication>
    </serviceCredentials>

or use some other means that checks each request to the service?
I've been reading pages like: How to: Create a Custom Token, but I don't see how it applies to my needs.
Any suggestions would be appreciated. I'm looking into this because I have some time before my project kicks off, and I'd like to implement this project correctly and learn about WCF as much as I can.
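
The per-request check described in the question (read the cookie, verify the token, otherwise answer with a 302 to the auth service), gathered into one helper that each operation calls first; this is an added example, not the poster's code, and it is not a WCF extension point. The post does not give the real token format, so an HMAC-signed `user|expiryUtcTicks|signature` value stands in for the encrypted token. Assumptions: the cookie name `sso_token`, the names `SsoGate`, `ValidateToken`, `ReadCookie` and `Authenticate`, and a service hosted with `WebHttpBehavior` so that `UriTemplateMatch` is populated.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.ServiceModel.Web;
using System.Text;

// Added example; assumed token: user|expiryUtcTicks|base64(HMAC-SHA256 of "user|expiryUtcTicks").
public static class SsoGate
{
    const string CookieName = "sso_token"; // assumed cookie name
    // Returns the user name for an authentic, unexpired token; otherwise null.
    public static string ValidateToken(string token, byte[] key, DateTime nowUtc)
    {
        string[] parts = (token ?? "").Split('|');
        long expiry;
        if (parts.Length != 3 || !long.TryParse(parts[1], out expiry)) return null;
        byte[] given, expected;
        try { given = Convert.FromBase64String(parts[2]); } catch (FormatException) { return null; }
        using (var mac = new HMACSHA256(key))
            expected = mac.ComputeHash(Encoding.UTF8.GetBytes(parts[0] + "|" + parts[1]));
        int diff = given.Length ^ expected.Length; // constant-time comparison of the two MACs
        for (int i = 0; i < given.Length && i < expected.Length; i++) diff |= given[i] ^ expected[i];
        return diff == 0 && expiry > nowUtc.Ticks ? parts[0] : null;
    }
    // Picks one cookie value out of a raw "a=b; c=d" Cookie header.
    static string ReadCookie(string header, string name)
    {
        foreach (string pair in (header ?? "").Split(';'))
        {
            string p = pair.Trim();
            if (p.StartsWith(name + "=", StringComparison.Ordinal))
                return Uri.UnescapeDataString(p.Substring(name.Length + 1));
        }
        return null;
    }
    // Call first in every operation. A null result means the 302 is already set.
    public static string Authenticate(byte[] key, string authServiceUrlFormat)
    {
        WebOperationContext ctx = WebOperationContext.Current;
        string cookies = ctx.IncomingRequest.Headers[HttpRequestHeader.Cookie];
        string user = ValidateToken(ReadCookie(cookies, CookieName), key, DateTime.UtcNow);
        if (user != null) return user;
        // Return URL comes from the request's own URI, not from a caller-supplied parameter,
        // and is escaped so it cannot add query parameters to the auth service URL.
        string returnUrl = ctx.IncomingRequest.UriTemplateMatch.RequestUri.AbsoluteUri;
        ctx.OutgoingResponse.StatusCode = HttpStatusCode.Redirect;
        ctx.OutgoingResponse.Location = string.Format(authServiceUrlFormat, Uri.EscapeDataString(returnUrl));
        return null;
    }
}
```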