0

I wanted to implement an ASP.NET Forms Authentication and Authorization procedures for my Windows Forms or WPF applications communicating with an ASP.NET WCF(and SOAP) web services.

Using Fiddler I investigated how Silverlight commnicates with its WCF RIA Services web service during login/logout procedures, and as far as I see this communication is just a set of POST and GET HTTP calls.

As far as I understand the actual Authentication and Authorization happens on WCF service side via ASP.NET Membership and Roles providers - I know how to handle this by code.

What I don't know for sure is what could be the most high level System.Net set of classes and their methods to implement an ASP.NET Forms Authentication and Authorization between a WinForms/WPF app and an ASP.NET WCF(/ and if possible also SOAP) Web Service, with communication session kept alive after login, with ASP.NET service/app cookies transferred here and there as transparently for me as possible (IOW without too much low level C#/.NET Framework programming). Would System.Net.WebClient be good enough to implement my task? Do you know any ready to use simple open source C# solutions?

halfer
  • 19,824
  • 17
  • 99
  • 186
ShamilS
  • 1,410
  • 2
  • 20
  • 40

1 Answers1

2

Years ago I've blogged on that

http://www.wiktorzychla.com/2010/04/aspnet-forms-authentication-sharing-for.html

http://www.wiktorzychla.com/2008/02/clickonce-webservice-and-shared-forms.html

The idea is to share the forms authentication cookie so that the wcf service is also guarded by it. This way you can even run the application from within the browser (clickonce) or implement a custom login form that just sends the username/pwd to the server and gets the cookie and then uses it.

Technically, to have a wcf service guarded by forms cookies you need to take care of several key elements, all described in my blog entry.

Wiktor Zychla
  • 47,367
  • 6
  • 74
  • 106
  • Thank you for your reply. If I have got it properly, you're "borrowing" ASP.NET Forms authentication cookies in a ClickOnce application from a logged in to an ASP.NET site user? And my task is to *directly login* from WinForms/WPF application to an ASP.NET WCF/SOAP web service and keep this logged-in connection alive (as effortlessly as possible with authentication cookies auto-flowing here and there) while WinForms/WPF application communicates with a web service via System.Net.WebClient instance. I suppose it's possible. Look how cookies are created on login http://tinyurl.com/pwlpdq3 – ShamilS Sep 04 '15 at 16:24
  • @ShamilS: Once again, you can have a method in your service that takes anything from the user and issues a cookie. This way you directly login from winforms app to a wcf service. Also, forget about the webclient, use service proxies instead or at least the ChannelFactory. That will save you a lot of effort. – Wiktor Zychla Sep 04 '15 at 16:39
  • Thank you for your additional note. Would it be correct if I treat it as you saying that if I use a service proxy (/ChannelFactory) instead of System.Net.WebClient, and I will have, say, Login, GetReport and Logout methods for my web service, where Login will issue FormsAuthentication.SetAuthCookie(userName, false) [with username/password verified before this call], GetReport will use - if (Thread.CurrentPrincipal.Identity.IsAuthenticated) { ..., and cookies created in Login will auto-flow between server and client till Logout web call drops cookies by FormsAuthentication.SignOut() ? – ShamilS Sep 04 '15 at 18:02
  • @ShamilS: yes, that is exactly how this should be done. – Wiktor Zychla Sep 04 '15 at 18:35