Authentication - asp.net ajax javascript call to wcf

Question

Hello,

We are loading the combobox on demand using a WCF service. This way, as the user starts typing, the ComboBox talks to the WCF service and fetches the necessary data.

We have forms authentication on the ASP.NET application. The issue is that I want to only allow the authenticated users from our system to make this WCF call.

I don't want to authenticate each and every request to the WCF service because for the autocomplete scenario, that would be too much. I thought of passing in a GUID value from the client in the combobox context and compare that value at the WCF end but that is not secured because the GUID value can be seen by performing View Source.

Has anyone else run into this issue? Any suggestions are appreciated.

Thanks, Pratik

Answer 1

I believe you need to setup sessions on the service and then turn on authentication, it should enable a login once scenario.

Checkout this guys answer, http://stackoverflow.com/questions/427954/wcf-sessions-with-https.

Answer 2

if you enable ASP.NET Compatibility Mode on your WCF service you could secure it the same way you would secure any ASP.NET page:

<location path="\secretWCFService.svc">
  <system.web>
    <authorization>
      <deny users ="?" />
    </authorization>
  </system.web>
</location>