I have a aspnetcompatibility=true WCF service (http binding) in the same domain of my Asp.Net website.
I want to make a call from my Asp.Net server side code to the WCF service.
I have tried to make a web request to http://testDomain/mySite/services/mySvc.svc but got the login page instead.
Is there a way to call the wcf service from the same domain asp.net site so that the service knows to not authenticate again?
Note: I use IIS7, and I'm open to change by binding as long as I can make a call to it w/o authentication. I'm hoping to host the svc in IIS.
Try to enable windows authentication in IIS for your hosted service and disable anonymous authentication (if it is enabled). Besides, pass security credentials (domain credentials perhaps in your case) from the client to the service.
Related
I have an internal LOB Silverlight client that uses business logic in a self-hosted WCF service (cross domain).
I'm thinking of using ASP.NET AuthenticationServices. How would I set this up with my self-hosted WCF service?
Call ASP.NET AuthenticationService from Silverlight to authenticate user? But this would not protect my self-hosted service...
Send username/password in every request from Silverlight and in my self-hosted service call ASP.NET Authentication Services? (Feels a bit backwards?)
Call ASP.NET AuthenticationService from Silverlight to authenticate user, send username/password in every request from Silverlight to allow logging etc, and use some other means to protect my service?
Is there some way to glue this together or is ASP.NET AuthenticationService not meant to be used when having a self-hosted WCF service?
All of the research I've done on the WCF Authentication Service indicates it's usage is for same-domain (RIA-like) applications. It sets the HttpContext.Current.User and creates a user session, so you can restrict your other WCF endpoint in some subfolder of the hosting website and control access via the web.config file. In this scenario, you can use the log the HttpContext user. If you plan to do things cross-domain, I think you'll find you need to use a combination of Transport (HTTPS) and Message security in the WCF binding configuration. This basically means your 2nd bullet point is true and you'll need to set the Username/Pw on the service client credentials (using Windows Auth or forms auth) and all WCF to send them across the wire with each message...
I have a web application (say app1) which is hosted in a IIS server virtual directory.
This web application needs Integrated Windows Authentication for its functioning.
I need to integrate this web application with another product which does not use supply me windows credentials.
This application sends me an http request in a specific format.
I need to validate the request and redirect it to app1 with valid windows credentials so that it logs in smoothly.
I have created another application for this purpose
This is hosted on a separate virtual directory.
It has IIS anonymous and asp.net anonymous authentication enabled.
the pseudo code is as follows :
app2
parse request
if request sucessful
get windows credentials
get identity using credentials
reponse.redirect(app1.aspx)
But app1 authentication fails, IE asks me for credentials again.
Ideally IE should not ask me for credentials.
What would be the security context sent in the request to app1.
How can I trace the authentication failure at iis and asp.net?
To do this you need a trust relationship between the domains.
The response.redirect just sends a response back to the browser which then makes a request for the page in the redirect. So the identity is the identity of the browser.
I have a java app with a .net application running in the java applications embedded browser.
I want the java application to call a .net WCF or web service with a username and password.
The wcf will set the user to authorized in forms authentication.
In the java desktop application I will then load a .aspx page that was protected via forms authentication.
How can I accomplish this? Is it even possible...?
You will need to enable ASP.NET compatibility mode on the WCF service in order to enable forms authentication.
The Java client application could send username and password over a secure connection and your WCF service authenticates the user via FormsAuthentication.Authenticate(username, password) or FormsAuthentication.SetAuthCookie.
You will then need to use a cookie store on the Java client side in order to pass the authentication cookie on every consecutive request (and update it when it gets refreshed), but this should be a built-in feature of your HTTP-client.
The .aspx page must run on a server with the same machine key as the WCF service.
Conclusion: Yes, it is possible, but for me it is not clear to which ".NET application" you refer to?
Edit: I think its clear now, you will need to be able to set the browser cookies. If you cant do this directly from your java application, a workaround would be to let the WCF service communicate that the user is authenticated and then set the cookie on the .aspx site request.
I have a set of services in my web service. every one should be authenticated before accessing any one of service. To achieve this, i want to add a login page in web service project with form authentication. is it possible?
How would a client which is another program authenticate through a form?
You should have a look at the various built in security features that are in WCF, such as using basicHttpBinding with Windows authentication at the HTTP level.
My website uses Forms authentication. I did silverlight 3 module which is designed to work in context of asp - authenticated user. Silverlight module talks with WCF hosted by the same asp.net website, but the issue is that it cannot authenticate to WCF service.
I run Fiddler and I see that .ASPXAUTH cookie is not sent to WCF service.
How to force Silverlight to get this cookie from browser and send it to service?
Finally I solved it.
The problem of missing cookie was made by inproper host name.
I was sending asp.net requests to myhostname, but SL was calling WCF using myhostname.mylocaldomainnam.local. This is why there was no .aspauth cookie during WCF calls.
I've used it successfully. First, I make sure that there are is a service endpoint for the WCF AuthorizationService used by ASP.NET. Then use the Silverlight project to generate a "Service Reference" to the AuthorizationService. Finally, in your module, you will use that service reference to login your visitor using their credentials stored within your provider. If you have some more information on how you've built your site, I might be able to offer a more concise answer to your problem.