We are developing a browser-based intranet application. All users have Active Directory accounts, so the obvious choice would be to use Integrated Windows Authentication. But there will be multiple users accessing the same client machine, so we decided to use form-based authentication (but authenticated against AD).
In this scenario, what is the best way to authenticate between my ASP.NET application (IIS) and WCF services (another server, IIS 7)? I don't want to use ASP.NET compatibility mode or a certificate.
I am thinking of creating another domain account to authenticate between ASP.NET and WCF. I am also passing the information about the current ASP.NET user to WCF as header info. Is this the right way to do it? The following code will be called from ASP.NET to access each service method.
// Call WCF service from ASP.NET Application using a new domain account for each call.
// The proxy must be created before its credentials can be set.
ServiceReference.HelloWorldClient proxy = new ServiceReference.HelloWorldClient();
proxy.ClientCredentials.Windows.ClientCredential.Domain = "mydomain";
proxy.ClientCredentials.Windows.ClientCredential.UserName = "new_domain_account";
proxy.ClientCredentials.Windows.ClientCredential.Password = "password";
Is there any better way to authenticate WCF from ASP.NET?
Thanks, Ash.
There is nothing special about authenticating an ASP.NET app to a WCF service. All normal auth options are available (username, X.509, Windows).
The interesting part here is that you want to pass the browser-based client credentials also. This is a known pattern called a trusted subsystem. And yes, you can pass these in the header as long as the message is protected (encrypted).
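The trusted-subsystem pattern described above, sketched in C# as an added example (not code from the question or the answer): the ASP.NET side attaches the form-authenticated user name as a SOAP header, and the service accepts that header only when the transport-level caller is the dedicated domain account. The header name, namespace and the `CallerHeader` class are hypothetical, the account name reuses the question's placeholders, and a binding with Windows authentication and encryption enabled is assumed.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Added example: names below are placeholders, not part of any real contract.
public static class CallerHeader
{
    public const string Name = "OriginalCaller";               // hypothetical header name
    public const string Ns = "urn:example:trusted-subsystem";  // hypothetical namespace
    // Account the ASP.NET application authenticates as (placeholder from the question).
    public const string TrustedAccount = @"mydomain\new_domain_account";

    // ASP.NET side: run one service call with the end user's name attached.
    // Usage: CallerHeader.Call(proxy.InnerChannel, User.Identity.Name, () => proxy.SomeOperation());
    public static T Call<T>(IContextChannel channel, string endUser, Func<T> call)
    {
        if (string.IsNullOrWhiteSpace(endUser))
            throw new ArgumentException("No authenticated user to forward.", "endUser");

        using (new OperationContextScope(channel))
        {
            OperationContext.Current.OutgoingMessageHeaders.Add(
                MessageHeader.CreateHeader(Name, Ns, endUser));
            return call();
        }
    }

    // WCF side: call at the start of each operation. The header is only a claim
    // made by the caller, so it is trusted only when the authenticated Windows
    // identity of the caller is the trusted subsystem account.
    public static string ReadCaller()
    {
        ServiceSecurityContext sec = ServiceSecurityContext.Current;
        if (sec == null || sec.WindowsIdentity == null
            || !sec.WindowsIdentity.IsAuthenticated
            || !string.Equals(sec.WindowsIdentity.Name, TrustedAccount,
                              StringComparison.OrdinalIgnoreCase))
            throw new FaultException("Caller is not the trusted subsystem account.");

        MessageHeaders headers = OperationContext.Current.IncomingMessageHeaders;
        int index = headers.FindHeader(Name, Ns);
        if (index < 0)
            throw new FaultException("Missing original-caller header.");

        string user = headers.GetHeader<string>(index);
        if (string.IsNullOrWhiteSpace(user))
            throw new FaultException("Empty original-caller header.");
        return user;  // use for authorization and audit inside the service
    }
}
```

Because the service takes the header's word for who the end user is, any account other than the trusted one must be rejected before the header is read, as `ReadCaller` does.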