We are developing a browser-based intranet application. All users have an active directory account, so using Windows Integrated Authentication is an obvious choice. But there will be several users accessing the same client computer, so we decided to use forms-based authentication (but authenticated against AD).
In this scenario, the best authentication method between my ASP.NET application (IIS) and WCF services (another IIS 7 server). I do not want to use asp.Net compatibility mode or certificate.
I am going to create another domain account for ASP.NET and WCF authentication. I also pass the current ASP.NET user information to WCF as header information. Is it correct? The following code is called from ASP.NET to access and retrieve each service method.
// Call WCF service from ASP.NET Application using a new domain account for each call.
proxy.ClientCredentials.Windows.ClientCredential.Domain = "mydomain";
ServiceReference.HelloWorldClient proxy = new ServiceReference.HelloWorldClient();
proxy.ClientCredentials.Windows.ClientCredential.UserName = "new_domain_account";
proxy.ClientCredentials.Windows.ClientCredential.Password = "password";
Is there a better way to authenticate WCF from ASP.NET?
Thanks Ash.
source
share