Silverlight App consuming WCF service on a site with forms authentication

01-13-2009 12:43 PM |

Hello,

I have a website that has implemented asp.net forms-auth.  I would like to surface server data in the silverlight control.  I would like this to be through a WCF service that integrates with the forms auth on the website.  For clarification, this is a full website with many other asp.net pages - the silverlight control is only on one of those pages.  The end user experience is that they authenticate into the site, then eventually navigate to the page with the silverlight control.  Can I use WCF over silverlight in a secure manner so that it is completely integrated into the forms-auth mechanism that the site is already built around?  For further clarification, I am not wanting the silverlight control to collect username and password information and then authenticate into the site.

Is this possible?  Where do I find information about how to build a WCF service that uses forms-auth, and how do I use WCF from within silverlight, piggybacking on the forms auth ticket that was delivered with the page that hosts the silverlight control?

Thanks,
Shan McArthur

Re: Silverlight App consuming WCF service on a site with forms authentication

01-13-2009 12:51 PM |

Tim Heuer has a good example of how to do this with his AdventureOps blog project: http://silverlight.net/learn/appcorner/adventureworkspt1.aspx?pt=1

Basically you can setup a special web service that allows silverlight to directly interact with your formsauthentication provider.

One of the methods exposed by this service is 'IsLoggedInAsync', which will allow you to validate authentication without having to explicitely collect and send credentials.

Re: Silverlight App consuming WCF service on a site with forms authentication

01-13-2009 1:08 PM |

From what I can see of that blog post, this is exactly what I was trying to avoid in my original post when I included the clarification of what I did not want. 

The example is how to built an authentication service and have the silverlight application authenticate against it.  I already have an authenticated user session on the page and I do not want the silverlight application to be involved in authentication at all.  I am using Live ID for my website and I do not have user credentials and I don't want them to have to re-enter them on every silverlight page on my site.  I need the silverlight application to respect the existing forms authentication that has already been implemented in the site, and to call web services with the service ticket in a manner that those web services can know the user that has logged in and provide appropriate secure data back to the client.

Thanks,
Shan

Re: Silverlight App consuming WCF service on a site with forms authentication

01-13-2009 1:22 PM |

Hm I didn't see you mention the Live ID part of your issue in the OP, but I'm not sure that matters anyway if your able to use FormsAuthentication on server-side.  What I was suggesting (through Tim's example, which demonstrates how to setup the web service, and how access it via Silverlight) is to only use the "IsLoggedInAysnc" method of the service, which assumes the user has already logged in somewhere else on your web application.  Using this method, you do not need to know, or supply any credentials explicitly in Silverlight.  The method will simply return a boolean if the user has already authenticated, and their ticket is still valid.

Re: Silverlight App consuming WCF service on a site with forms authentication

01-13-2009 1:47 PM |

From what I can see in the article (and code), is that the auth service is wired up directly to the .net framework's System.Web.ApplicationServices.AuthenticationService class.  This implements Login(), which takes credentials, as well as IsLoggedIn() which simply detects if the user is logged in and returns a boolean.  The sample does not have an implementation of any web service that can receive a WCF call from the silverlight app, determine that the user is authenticated, and who they are.  I need to be able to have the silverlight call a WCF service and have that service know the username of the user so that I can provide information that is specific to that user.

The instructions you have given me in the last response would let me implement an authentication check in the silverlight controller and tell me if the user is logged in or not.  However, that is not the information that I need - I know the user is authenticated because the page that hosts the control is authenticated.  What I need to do is to pass secure data from the server specifically for this user.  I was considering that the best way to do that was to have the silverlight client call a WCF service on the server, and with some way of integration with the forms authentication on the site so that the service (not the silverlight app) can validate that the user is logged in, know who they are, and pass appropriate data back to the silverlight application.

So what am I missing?

Thanks,
Shan

Re: Silverlight App consuming WCF service on a site with forms authentication

01-13-2009 2:00 PM |

Yeah I think the part that is missing is that your web service needs to be wired in to your authentication scheme as well, then it all works together (I'm using this technique in my own projects).

This attribute on my web service class, allows the web service to interact with the FormsAuthentication, MembershipProvider, etc:

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]

So when a call comes in to my web service, I'm able to know which user it came in for, and also apply security to my web methods through attributes like this:

[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]

and

[PrincipalPermission(SecurityAction.Demand, Role = "myRoleToCheck")]

and even by specific user name, when necessary:

[PrincipalPermission(SecurityAction.Demand, Name = "userNameToCheck")]

In order to use these PrincipalPermission attributes, you'll have to assign the current user context to the CurrentPrincipal, like so in your web service constructor:

Thread.CurrentPrincipal = HttpContext.Current.User;

Re: Silverlight App consuming WCF service on a site with forms authentication

06-20-2009 2:22 AM |

Does anyone know how to get this to work with the WCF client in .NET proper? I have it working using a Silverlight client, but, I want to create unit tests and be able to test it from normal .NET. I'm guessing that I need to do something special to enable cookies or something in the WCF client. It doesn't seem to work by default... One thing that annoys me to no end is the fact that it's a PITA testing this stuff since you can't use a debugging proxy to view the HTTP traffic since WCF ignores the proxy settings when connecting to localhost and the ASP.NET Development Server only listens on localhost. It would be a lot easier to debug this stuff if that weren't the case. It's highly frustrating. Another reason I want to get it to work with the standard .NET Framework is the fact that faults actually work in it and it would be easier for debugging serialization related issues. Given how important WCF is I hope Microsoft makes it easier to debug this stuff. The configuration files are pretty much hell.

Re: Silverlight App consuming WCF service on a site with forms authentication

06-21-2009 12:03 AM |

I got it to work. I found that you just have to set

allowCookies="true"

on the binding element in App.config on the client.

That's pretty cool. Now, just to wait for Silverlight 3 to come out so that when an AccessControlException is thrown, you can receive it as a fault.