0

I have an asp.net 4.0 application (client) that makes ajax/json calls to a http facade that then passes on the calls to our wcf service layer.

Users must authenticate on the client using forms authentication. The idea then being that the authentication cookie will be passed to and be accessible at the http facade. [Design based on Dino Esposito's book - Microsoft ASP.NET and AJAX: Architecting Web Applications]

The problem is, that at the facade, HttpContext.Current.User.Identity.Name is an empty string and IsAuthenticated is false.

I have enabled compatibility by adding the following to my system.ServiceModel section in my web.config (http facade level):

<system.serviceModel>   
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />  
</system.serviceModel>

I have decorated my service with the following:

    [AspNetCompatibilityRequirements(RequirementsMode =
 AspNetCompatibilityRequirementsMode.Required)]

When I am debugging in the ajax/facade app I can see that cookies exist at HttpContext.Current.Request.Cookies. It appears that Anonymous is being used and not my authenticated user.

Both applications are running on the same IIS server.

Calls to the AJAX enabled wcf service are made via serviceProxy.js. Perhaps this method is not passing the necessary cookie?

WCF tracing is currently showing '..ASPXANONYMOUS=.....; ASP.NET_SessionId=....; .ASPXAUTH=.....' in the message log.

I get the feeling I am missing something simple but am too close to the problem.

Any suggestions welcomed.

Tim Schmidt
  • 3
  • 2

1 Answers1

1

I am not sure I completely understand the context of what you are trying to accomplish, but if these are two separate applications you are going to need to share machine keys in order to decrypt/encrypt the auth cookies in both.

in your web.config, make sure you have the following set:

<machineKey
  validationKey="[generated key]"
  validation="HMACSHA512"
  decryptionKey="[generated key]"
  decryption="AES"
  />

see how to generate these keys (and more info about them) on this codeproject article:

ASP.Net machineKey Generator - CodeProject

Let me know if this helps...

Leland Richardson
  • 2,695
  • 2
  • 20
  • 27
  • Thanks Leland. I owe you a beer or something. I had a assumed that a machine key was per machine and not somehow different per application. They are two seperate applications. – Tim Schmidt Jul 27 '12 at 06:19
  • No problem, Tim. Glad it helped. Normally they are just auto-generated - which can get you in trouble even for a single application as the cookies won't match if you re-deploy (even on the same machine). Can end up driving the users mad when their "Remember Me" check box isn't working... – Leland Richardson Jul 27 '12 at 15:16