There seems to be a plethora of resources out there on how to do this, but I haven't really been able to find anything to exactly do what I want to do. I'm trying to create a WCF web service that will require users to authenticate to be able to do anything (call methods, see WSDL, etc.). The authentication would be a custom piece I would write to connect to our LDAP server. I'd like to use forms authentication as I don't want the client to have to re-authenticate on each request. I'd like the service to just send a Forms Auth ticket cookie to the client which the client can send back for future requests (I'm OK with kludging this for client environments that don't support cookies, e.g. mobile app). However, on the service side I need to be able to store data in memory for each user that keeps a cached copy of the user's authentication groups (to avoid making repeated calls to the LDAP server), and that could be easily looked up using just the Forms Auth ticket. I'm fairly new to WCF and Forms Authentication so I would appreciate it if you wouldn't skip over the "simple" things. Thanks!
It seems to me that you need to set up a Secure Token Service (STS) that will take care of the authentication. An STS can expose an LDAP or SQL table if you like.
Other alternatives can be Windows Azure ACS, which allows you to federate against many different identity providers like Facebook and Google.
If your authentication source is Active Directory, then ADFS is the way to go.
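The per-user group cache the question asks for, as an added C# sketch that is not from the original post or its answer: it validates the Forms Auth ticket first, keys the cache on the authenticated user name rather than on the raw cookie string, and never lets an entry outlive the ticket. `GroupCache` and the `ldapLookup` delegate are hypothetical names; the LDAP query itself is assumed to live behind that delegate.

```csharp
using System;
using System.Runtime.Caching;
using System.Security.Cryptography;
using System.Web.Security;

// Added example: GroupCache and ldapLookup are hypothetical, not part of WCF or ASP.NET.
public sealed class GroupCache
{
    private readonly MemoryCache _cache = new MemoryCache("ldap-groups");
    private readonly Func<string, string[]> _ldapLookup; // assumed: user name -> group names
    private readonly TimeSpan _maxAge;                   // upper bound on staleness of group data

    public GroupCache(Func<string, string[]> ldapLookup, TimeSpan maxAge)
    {
        if (ldapLookup == null) throw new ArgumentNullException("ldapLookup");
        _ldapLookup = ldapLookup;
        _maxAge = maxAge;
    }

    // Returns the caller's groups, or null if the value is not a valid, unexpired ticket.
    public string[] GetGroups(string encryptedTicket)
    {
        if (string.IsNullOrEmpty(encryptedTicket)) return null;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(encryptedTicket); } // rejects tampered tickets
        catch (ArgumentException) { return null; }
        catch (CryptographicException) { return null; }
        if (ticket == null || ticket.Expired) return null;

        string key = ticket.Name.ToUpperInvariant();
        var groups = (string[])_cache.Get(key);
        if (groups == null)
        {
            groups = _ldapLookup(ticket.Name) ?? new string[0];
            // Expire with the ticket or after _maxAge, whichever comes first, so
            // group removals in LDAP take effect within a bounded time.
            DateTimeOffset expires = DateTimeOffset.Now.Add(_maxAge);
            DateTimeOffset ticketEnd = new DateTimeOffset(ticket.Expiration);
            if (ticketEnd < expires) expires = ticketEnd;
            _cache.Set(key, groups, expires);
        }
        return groups;
    }

    // Call on sign-out or when an account is disabled, so cached groups are dropped at once.
    public void Invalidate(string userName)
    {
        if (!string.IsNullOrEmpty(userName)) _cache.Remove(userName.ToUpperInvariant());
    }
}
```

The cache is per process, so in a web farm each node keeps its own copy and `Invalidate` only affects the node it runs on.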