I'm working on an Web API that have a web (ASP.NET MVC), WCF service and mobile interfaces (Android/ iPhone) and i have token authentication for API.
The MVC and API have user identity to verify the users, but WCF service won't have this user identity.
Here, i need to have access the WCF service from the mobile client with security.
Application structure,
So, How can verify or share the user identity with WCF service?
Can i use the same OAuth token in WCF service to identify the user? or Is there any other standard way to do it ?
With given high level detail, ADFS should be a right fitment for your requirement, with that Identity validation can be achieved for WCF based services as well.
Refer below link to MSDN guide for a detailed approach.
A Guide to Claims-Based Identity and Access Control
However, I presume this solution for new requirements, if so, why still WCF service is required when Web API can be manage external http requests? and given that there is no DB interaction through WCF services as per diagram.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With