ASP .Net MVC and WCF Identity (Claims) Integration

Question

We're building a platform where the client is an ASP .Net MVC one, using ASP Net Identity 2.0 for authentication and authorization (using Claims), which works great on the web side.

We also have a WCF service which allows CRUD operations on the database (for multiple client applications), which gets requests from this ASP .Net MVC client. As we want to validate (authenticate & authorize) the user before making specific CRUD actions in the WCF side, we need to get the claims of the user from the client, and perform the validations (preferably in a very clean manner using headers or any binding that WCF will be able to support for this matter).

I've been searching the different forums but with no simple answer\tutorial to this specific scenario. Can anyone assist on this matter?

Thanks, Nir.

Answer 1

I love this:

in your IEndpointBehavior implementation do this on the client end:

public object BeforeSendRequest(ref Message request, IClientChannel channel)
    {
        request.Headers.Add(MessageHeader.CreateHeader("token", "http://myurl.com/service/token", _theToken));
        return null;
    }

then on the service end add this to your ServiceAuthenticationManager

public override ReadOnlyCollection<IAuthorizationPolicy> Authenticate(
        ReadOnlyCollection<IAuthorizationPolicy> authPolicy, Uri listenUri, ref Message message)
    {
        IPrincipal user = new MyUserPrincipal(null);

        if(_currentServiceContractType.GetInterfaces()
                                        .Any(x => x == typeof(IMySecuredService)))
        {
            var tokenPosition = message.Headers.FindHeader("token", "http://myurl.com/service/token");

            if (tokenPosition >= 0 && tokenPosition <= 5)
            {
                var encryptedToken = message.Headers.GetHeader<string>(tokenPosition);

                if (!string.IsNullOrWhiteSpace(encryptedToken))
                {
                    var serializedToken = new MyEncryptionUtility().Decrypt(encryptedToken);
                    var token = MyTokenSerializer.Deserialize(serializedToken);
                    var expire = new DateTime(token.ValidToTicks);
                    if (expire > DateTime.Now)
                    {
                        user = new MyUserPrincipal(token);
                    }
                }
            }   
        }
        message.Properties["Principal"] = user;
        Thread.CurrentPrincipal = user;
        return authPolicy;
    }

This gives you then the ability to use the built in claims or WIF claims authentication. Eitherway, this is very simple. The token is created by the service and sent to the client (web) and stored in the cookie. then when there are any requests, the token is grabbed from a cookie and then sent along to the service, where, inevitably you can start adding permissions service side, versus doing them on the web/mvc side, making a much cleaner code base using everyone's favorite friend, SOA >= :)