Context:
There are a few threads here on Stack and on Bing that talk about WCF and session sharing with ASP.NET. None satisfy my issue fully. So here goes:
I have an MVC site which also has a few services in the RouteTable under the path "/services". This all works really nice. I can call Controller actions and WCF service methods both.
I have enabled WIF and Federated Authentication with the Windows Azure Access Control Service (ACS). This also works nicely. I can login using Facebook, Google etc. and a session is clearly established on my site. I can call the MVC controller actions and the WCF methods. Inside the body of those the IPrincipal for the current user is set to my current session.
Now I want to be a good boy and use a custom ClaimsAuthenticationManager and a custom ClaimsAuthorizationManager. A weird problem now occurs:
The setup:
For this scenario I am logged in. I have a session. I can confirm this inside of the method bodies of my MVC controller methods and my WCF service methods. This means we can leave the custom ClaimsAuthenticationManager out of this since it is not being touched when I already have a session.
It's the custom ClaimsAuthorizationManager which causes my headache.
When I make a call to the MVC site I am authenticated with my session inside of the ClaimsAuthorizationManager.CheckAccess method AND also inside of the body of my MVC controller actions. So far so good.
The problem:
When I make a call to the WCF services I am NOT authenticated with my session inside of the ClaimsAuthorizationManager.CheckAccess method but I am authenticated (suddenly) as I hit my breakpoint inside of the WCF service method.
This just does not make any sense! It seems my session is not inflated inside of the ClaimsAuthorization manager but further down the pipeline when I hit my own WCF code the session is in place!
How can this be?
Cheers,
Magnus
. 