ASP.NET for WCF - end-to-end security?

Question

ASP.NET for WCF - end-to-end security?

I have an MVC website that sits on top of a WCF service. WCF is also available on the Internet with username and password authentication using message and certificate security. This is setup and work.

Both the website and the service use the same member store using the membership API.

A user can register on a website or service using the same credentials. However, when the website calls the service, it needs to pass the credentials of the current user. I can get the username from

Membership.GetUser().UserName

but I can not get the password!

Is there any other way to substantially transfer the website user credentials for the service?

Any help is much appreciated ...

+2

asp.net wcf membership

Markb Aug 11 '10 at 16:09

source share

1 answer

Ladislav Mrnka · Accepted Answer · 2010-08-11T20:36:41+0000

This is a very strange architecture. Why authenticate a user twice? Just configure another endpoint (net.pipe) for your MVC and avoid a second authentication. If you need to know the authenticated user in the service, you also have two options that depend on the trust in your MVC application:

Send username as custom message header. Cons: if a hacker bypasses your authentication, she can call your service with any username.
MVC. WCF MVC, . , . : .

: . .

ASP.NET for WCF - end-to-end security?

More articles: