I'm writing a new desktop app as a smart client. Although it will need to cache some data locally, data will be downloaded and commands issued via a WCF web service.
So that "not just anyone" can call the web service operations to get data or issue commands, I'd like to use forms authentication. I'd like users of the desktop app to log into it with their website credentials (all on the same domain), and from them on for the app to supply the "token" (cookie or whatever) with each WCF request, so that the WCF service can authenticate/authorise them.
Is this possible, and could someone point me in the right direction (keywords, tech to research), please?
I know that I could "roll my own" where I have an authentication service that will return a token, and that each web service operation could require a token that it will look up authorisation information for, but it seems we already have this in the ASP.NET membership stuff, so I'd like to make use of it.
Many thanks in advance.
