How to use authentication cookie from WCF Authentication Service in an ASP.Net MVC application

Okay, I've had little luck finding any documentation or tutorials for my specific scenario.

I have an ASP.Net MVC web application that will be using WCF services for everything including authentication and roles (via membership providers on the WCF backend).

I've had no problem setting up the authentication services, but it does not set a cookie in the web app. The docs for the Login method of the service indicate that wiring up the CreatingCookie event is possible, but it does not have any effect on the client (I tried on the service side as well, again no effect). So I figured out how to capture the cookie. I have tried to manually set the auth cookie on the client, but so far it is not working; decrypting fails due to padding, and setting the cookie value from the one given by the server is not readable by the client.

Does anybody know how you are supposed to use the cookie that is generated by the WCF Authentication Service? Do I just assume the session is all managed on the WCF server and just check IsLoggedIn() on the service at every page load?

Thanks in advance.

tap asked Apr 06 '10 19:04



1 Answer

I have recently been trying to implement the same functionality you have described. I have managed to get it working with the following code:

    using System;
    using System.Net;
    using System.Security.Principal;
    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.Web;
    using System.Web.Security;

    private readonly AuthenticationServiceClient service = new AuthenticationServiceClient();

    public void SignIn(string userName, string password, bool createPersistentCookie)
    {
        // OperationContextScope makes the HTTP response of the call available
        // through OperationContext.Current after Login returns
        using (new OperationContextScope(service.InnerChannel))
        {
            // login
            service.Login(userName, password, String.Empty, createPersistentCookie);

            // Get the response header
            var responseMessageProperty = (HttpResponseMessageProperty)
                OperationContext.Current.IncomingMessageProperties[HttpResponseMessageProperty.Name];

            string encryptedCookie = responseMessageProperty.Headers.Get("Set-Cookie");

            // parse header to cookie object (the Uri must match the service host so the
            // cookie's domain and path are accepted by the container)
            var cookieJar = new CookieContainer();
            cookieJar.SetCookies(new Uri("http://localhost:1062/"), encryptedCookie);
            Cookie cookie = cookieJar.GetCookies(new Uri("http://localhost:1062/"))[0];

            // Decrypt only succeeds when this application and the service share the same machineKey
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            if (null != ticket)
            {
                //string[] roles = RoleManager.GetRolesFromString(ticket.UserData);
                HttpContext.Current.User = new GenericPrincipal(new FormsIdentity(ticket), null);
                // re-issue the ticket as this application's own forms-auth cookie
                FormsAuthentication.SetAuthCookie(HttpContext.Current.User.Identity.Name, createPersistentCookie);
            }
        }
    }

It does exactly what you have described in the comment to your question.

EDIT

I am posting here the Server-Side portion of this code for reference.

    using System;
    using System.Net;
    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Configuration;
    using System.ServiceModel.Description;
    using System.ServiceModel.Dispatcher;
    using System.Web;
    using System.Web.Security;

    public class HttpResponseMessageInspector : BehaviorExtensionElement, IDispatchMessageInspector, IServiceBehavior
    {
        // Runs on the service side for every incoming request; only this member of the
        // three implemented types is shown here
        public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
        {
            var httpRequest = request.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;

            if (httpRequest != null)
            {
                // The Cookie header carries every cookie ("name=value; name2=value2"),
                // so pick out the forms-authentication cookie by name before decrypting
                string cookieHeader = httpRequest.Headers[HttpRequestHeader.Cookie];
                string cookie = GetCookieValue(cookieHeader, FormsAuthentication.FormsCookieName);

                if (!string.IsNullOrEmpty(cookie))
                {
                    FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(cookie);
                    if (authTicket != null)
                    {
                        string[] roles = PrincipalHelper.GetUserRoles(authTicket);
                        var principal = new BreakpointPrincipal(new BreakpointIdentity(authTicket), roles);

                        HttpContext.Current.User = principal;
                    }
                }
                // can deny request here
            }

            return null;
        }

        // Returns the value of the named cookie from a raw Cookie request header, or null
        private static string GetCookieValue(string cookieHeader, string name)
        {
            if (string.IsNullOrEmpty(cookieHeader)) return null;
            foreach (string part in cookieHeader.Split(';'))
            {
                string pair = part.Trim();
                if (pair.StartsWith(name + "=", StringComparison.Ordinal))
                    return pair.Substring(name.Length + 1);
            }
            return null;
        }
    }
Karl answered Sep 21 '22 04:09
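The two snippets in the answer share one operation: locate the forms-authentication cookie among whatever else travels in a Set-Cookie or Cookie header, decrypt it, and turn the ticket into a principal. The block below is an added example that is not part of the question or the answer and is not code from the WCF Authentication Service; it folds that operation into one helper usable on both the MVC client (raw Set-Cookie header from the WCF response) and the WCF service (raw Cookie request header). It assumes what the answer's code also relies on: the MVC application and the WCF service share the same `<machineKey>` validation and decryption keys and the same forms cookie name, since `FormsAuthentication.Decrypt` can only read tickets produced with matching keys (a padding error on decrypt, as in the question, is the usual symptom of a mismatch). The type and member names (`FormsTicketCookie`, `TryReadFromSetCookie`, `TryReadFromCookieHeader`, `ToPrincipal`) and the convention that roles are stored comma-separated in `ticket.UserData` are assumptions of this example.

```csharp
// Added example, not code from the original question or answer. Assumes the MVC app and the
// WCF Authentication Service share the same <machineKey> and forms cookie name; all names
// below are hypothetical.
using System;
using System.Net;
using System.Security.Principal;
using System.Web.Security;

public static class FormsTicketCookie
{
    // Client side: pull the forms-auth cookie out of a raw Set-Cookie header returned by the
    // service and decrypt it. Returns false instead of throwing when the header is missing,
    // names a different cookie, or does not decrypt (typically a machineKey mismatch).
    public static bool TryReadFromSetCookie(string setCookieHeader, Uri serviceUri,
                                            out FormsAuthenticationTicket ticket)
    {
        ticket = null;
        if (string.IsNullOrEmpty(setCookieHeader)) return false;

        var jar = new CookieContainer();
        try { jar.SetCookies(serviceUri, setCookieHeader); }
        catch (CookieException) { return false; }

        foreach (Cookie c in jar.GetCookies(serviceUri))
        {
            // Only the cookie named by FormsAuthentication.FormsCookieName (".ASPXAUTH" by
            // default) carries the ticket; anything else the service set is ignored.
            if (string.Equals(c.Name, FormsAuthentication.FormsCookieName, StringComparison.Ordinal))
                return TryDecrypt(c.Value, out ticket);
        }
        return false;
    }

    // Server side: the Cookie request header is "name=value; name2=value2", so the forms
    // cookie has to be selected by name; handing the whole header to Decrypt always fails.
    public static bool TryReadFromCookieHeader(string cookieHeader, out FormsAuthenticationTicket ticket)
    {
        ticket = null;
        if (string.IsNullOrEmpty(cookieHeader)) return false;

        string prefix = FormsAuthentication.FormsCookieName + "=";
        foreach (string part in cookieHeader.Split(';'))
        {
            string pair = part.Trim();
            if (pair.StartsWith(prefix, StringComparison.Ordinal))
                return TryDecrypt(pair.Substring(prefix.Length), out ticket);
        }
        return false;
    }

    // Both sides build the same principal from an accepted ticket. This example assumes roles
    // are stored comma-separated in ticket.UserData; an empty UserData yields no roles.
    public static GenericPrincipal ToPrincipal(FormsAuthenticationTicket ticket)
    {
        string[] roles = string.IsNullOrEmpty(ticket.UserData)
            ? new string[0]
            : ticket.UserData.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        return new GenericPrincipal(new FormsIdentity(ticket), roles);
    }

    private static bool TryDecrypt(string encryptedValue, out FormsAuthenticationTicket ticket)
    {
        ticket = null;
        try
        {
            ticket = FormsAuthentication.Decrypt(encryptedValue);
        }
        catch (Exception) // tampered or foreign-key ciphertext surfaces as an exception
        {
            return false;
        }
        // Decrypt returns null for a malformed value and does not check expiry itself,
        // so an expired ticket is rejected here rather than silently accepted.
        if (ticket == null || ticket.Expired) { ticket = null; return false; }
        return true;
    }
}
```

On the client, `TryReadFromSetCookie(encryptedCookie, new Uri("http://localhost:1062/"), out ticket)` replaces the `cookieJar` lines in the answer's `SignIn`, after which `FormsAuthentication.SetAuthCookie` re-issues the ticket as the MVC application's own cookie exactly as the answer does; on the service, `TryReadFromCookieHeader(httpRequest.Headers[HttpRequestHeader.Cookie], out ticket)` replaces the direct `Decrypt` call in `AfterReceiveRequest`. Rejecting expired tickets on the service side matters because the client's cookie lifetime and the service's are now two separate things.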