Authenticating a user via wcf - asp.net

I have a java app with a .net application running in the java applications embedded browser.
I want the java application to call a .net WCF or web service with a username and password.
The wcf will set the user to authorized in forms authentication.
In the java desktop application I will then load a .aspx page that was protected via forms authentication.
How can I accomplish this? Is it even possible...?

You will need to enable ASP.NET compatibility mode on the WCF service in order to enable forms authentication.
The Java client application could send username and password over a secure connection and your WCF service authenticates the user via FormsAuthentication.Authenticate(username, password) or FormsAuthentication.SetAuthCookie.
You will then need to use a cookie store on the Java client side in order to pass the authentication cookie on every consecutive request (and update it when it gets refreshed), but this should be a built-in feature of your HTTP-client.
The .aspx page must run on a server with the same machine key as the WCF service.
Conclusion: Yes, it is possible, but for me it is not clear to which ".NET application" you refer to?
Edit: I think its clear now, you will need to be able to set the browser cookies. If you cant do this directly from your java application, a workaround would be to let the WCF service communicate that the user is authenticated and then set the cookie on the .aspx site request.

Related

Asp.Net Web Form calling same domain WCF service without need for authentication

I have a aspnetcompatibility=true WCF service (http binding) in the same domain of my Asp.Net website.
I want to make a call from my Asp.Net server side code to the WCF service.
I have tried to make a web request to http://testDomain/mySite/services/mySvc.svc but got the login page instead.
Is there a way to call the wcf service from the same domain asp.net site so that the service knows to not authenticate again?
Note: I use IIS7, and I'm open to change by binding as long as I can make a call to it w/o authentication. I'm hoping to host the svc in IIS.
Try to enable windows authentication in IIS for your hosted service and disable anonymous authentication (if it is enabled). Besides, pass security credentials (domain credentials perhaps in your case) from the client to the service.

How to protect a WCF Rest service with username and password?

I'm new in WCF and I want to know how can I protect a WCF Rest service.
I have an asp.net website, only registered users can access it, the application uses a service hosted on the same IIS server, my question is, how can I restrict the use of this service, for that only registered users may use it, knowing that the service can be used by many clients (Android, iPhone, ...). what type of authentication I can use? to test the service I created a winform and I use an HttpWebRequest.
PS: I cant use https.
Thanks
Simplest way is to use asp.net compatibility mode. The WCF service call will result in the same preprocessing used for ASP.NET pages, including checking the ASP.NET auth and session cookies. You will also be able to check HttpContext, including httpcontext.current.user.identity.isauthenticated. If the user is not authenticated, throw an exception or return an error code. Here is some more information: http://msdn.microsoft.com/en-us/library/aa702682.aspx.
So if you are already using forms auth for your application, and the service should be called after a user has logged in to your application, you are set.
You can also create an authentication service. The service will allow the client to send a username / password, and will use ASP.NET authentication to authenticate the user. It will send back an auth cookie, and then you can check future service calls as above. See http://msdn.microsoft.com/en-us/library/bb386582.aspx.
I believe the authentication service can called using json. See How to Call .NET AuthenticationService from json client without ASP.NET.

Silverlight and ASP.NET AuthenticationService with self-hosted WCF Service?

I have an internal LOB Silverlight client that uses business logic in a self-hosted WCF service (cross domain).
I'm thinking of using ASP.NET AuthenticationServices. How would I set this up with my self-hosted WCF service?
Call ASP.NET AuthenticationService from Silverlight to authenticate user? But this would not protect my self-hosted service...
Send username/password in every request from Silverlight and in my self-hosted service call ASP.NET Authentication Services? (Feels a bit backwards?)
Call ASP.NET AuthenticationService from Silverlight to authenticate user, send username/password in every request from Silverlight to allow logging etc, and use some other means to protect my service?
Is there some way to glue this together or is ASP.NET AuthenticationService not meant to be used when having a self-hosted WCF service?
All of the research I've done on the WCF Authentication Service indicates it's usage is for same-domain (RIA-like) applications. It sets the HttpContext.Current.User and creates a user session, so you can restrict your other WCF endpoint in some subfolder of the hosting website and control access via the web.config file. In this scenario, you can use the log the HttpContext user. If you plan to do things cross-domain, I think you'll find you need to use a combination of Transport (HTTPS) and Message security in the WCF binding configuration. This basically means your 2nd bullet point is true and you'll need to set the Username/Pw on the service client credentials (using Windows Auth or forms auth) and all WCF to send them across the wire with each message...

Can we have login form in wcf services

I have a set of services in my web service. every one should be authenticated before accessing any one of service. To achieve this, i want to add a login page in web service project with form authentication. is it possible?
How would a client which is another program authenticate through a form?
You should have a look at the various built in security features that are in WCF, such as using basicHttpBinding with Windows authentication at the HTTP level.

Silverlight and ASP.NET authorization

My website uses Forms authentication. I did silverlight 3 module which is designed to work in context of asp - authenticated user. Silverlight module talks with WCF hosted by the same asp.net website, but the issue is that it cannot authenticate to WCF service.
I run Fiddler and I see that .ASPXAUTH cookie is not sent to WCF service.
How to force Silverlight to get this cookie from browser and send it to service?
Finally I solved it.
The problem of missing cookie was made by inproper host name.
I was sending asp.net requests to myhostname, but SL was calling WCF using myhostname.mylocaldomainnam.local. This is why there was no .aspauth cookie during WCF calls.
I've used it successfully. First, I make sure that there are is a service endpoint for the WCF AuthorizationService used by ASP.NET. Then use the Silverlight project to generate a "Service Reference" to the AuthorizationService. Finally, in your module, you will use that service reference to login your visitor using their credentials stored within your provider. If you have some more information on how you've built your site, I might be able to offer a more concise answer to your problem.

Resources