I have seen several similar scenarios described here, but not mine. I wonder if anyone can tell me which direction to go?
I am developing two (and later) MVC2 applications. In the future, there will also be another (thicker) client (WPF or Silverlight, TBD). All of them must use the same authentication. For MVC2 applications, they (preferably) should be a single login - that is, if a user logs into one MVC2 application, they must be logged in with another if a cookie has not been set.
Form authentication must be used.
All applications must use common business functions and access the database through a common WCF service application. It would be nice (I think) if WCF is not publicly available (i.e. blocked by FW). A thicker client can use an additional service layer to access the Common WCF App.
What should look like this:
MVCApp1 β WCFAppCommon
MVCApp2 β WCFAppCommon
ThickClient -> WCFApp2 -> WCFAppCommon
Is it possible to complete all authentication / authorization in WCFAppCommon? Otherwise, I think I will have to repeat all the security logic in MVCApps and WCFApp2, while for me it seems to sit naturally in WCFAppCommon. On the other hand, it seems that if I authenticate / authorize in WCFAppCommon, I would not be able to use forms authentication.
Where I have seen possible solutions (which I have not tried yet), they seem much more complicated than forms using authentication and one DB.
Any help is appreciated,
Phil
asp.net-mvc forms-authentication wcf
philhobgen
source share