I am creating a website that is protected by a SAML token for single sign-on. In one of the forms there are many input fields that should trigger updates and checks on the same or different input field and the contents of the table.
Validation and updates are processed on the server side. Updating a value in the form launches JavaScript, which notifies the server using a WCF JSON web service. The service then returns the new values and validation messages.
The problem is that the web service needs to be protected and access must be granted using the SAML token issued to the user by logging into the website.
[Edit: more research] After authentication, the SAML token is always passed to the server as a FedAuth cookie. Adding a marker to the JSON (or AJAX) GET header is not required. The problem is that I cannot allow WIF to handle cookie validation. So I removed federated authentication from the JSON service and tried to read the cookie from the HttpContext. That works, but I cannot decrypt it.
Does anyone have any experience with this?