Hi Mike,
From your description, you have a WCF service hosted in ASP.NET web
application and want to utilize the ASP.NET membership and rolemanager
providers for user authentication and authorization, correct?
Based on my research, you can use ASP.NET membership and RoleManager
provider for your WCF service's authentication and authorization. What you
need to do is the following:
** make sure the ASP.NET membership and rolemanager are configured
correctly (tested via an ASP.NET web page)
** edit the WCF service's serviceBehavior to use the ASP.NET membership and
role provider
** set clientCredentialType to "UserName"
Here are two good articles discussing this. The first article provides a
very clear server-side configuration.
#Use ASP.NET Membership and Role Providers in Windows Communication Foundation
http://nayyeri.net/blog/use-asp-net-membership-and-role-providers-in-windows-communication-foundation/
#WCF & ASP.NET Role Provider
http://weblogs.asp.net/pglavich/archive/2008/02/08/wcf-amp-asp-net-role-provider.aspx
Below is my test solution's WCF service configuration section:
======WCF service configuration=========
========(use default ASP.NET membership and role provider)=======
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior name="RoleSecServiceBehavior">
        <serviceMetadata httpGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="false" />
        <!-- for membership authentication -->
        <serviceCredentials>
          <!-- necessary to protect the authentication info sent by the client -->
          <serviceCertificate storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindByThumbprint"
                              findValue="b0d98888fc2fec907661ef11aa430f29e6ae8a91" />
          <userNameAuthentication
              userNamePasswordValidationMode="MembershipProvider"
              membershipProviderName="AspNetSqlMembershipProvider" />
        </serviceCredentials>
        <!-- for role based authorization -->
        <serviceAuthorization
            principalPermissionMode="UseAspNetRoles"
            roleProviderName="AspNetSqlRoleProvider"></serviceAuthorization>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <wsHttpBinding>
      <binding name="RoleSecServiceBinding">
        <security mode="Message">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="RoleSecServiceBehavior"
             name="RoleSecService">
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="RoleSecServiceBinding"
                contract="IRoleSecService">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding"
                contract="IMetadataExchange" />
    </service>
  </services>
</system.serviceModel>
=============================
The following code demonstrates how to assert authorization declaratively or
in code
======authorization code logic in our service operation==========
// needs: using System.Security.Permissions; using System.Threading;
// declarative check: the caller must be in the "operator" role
[PrincipalPermission(SecurityAction.Demand, Role = "operator")]
public string GetStringData()
{
    // we can also check the identity and roles in code
    return string.Format("Identity:{0}, AuthenticationType:{1} ",
        Thread.CurrentPrincipal.Identity.Name,
        Thread.CurrentPrincipal.Identity.AuthenticationType
        );
}
===============
BTW, I have created a complete test solution with service and client
projects. If you feel it is necessary, I can also send it to you for reference.
You can reach me at the following address:
"Stcheng"+ @ + "microsoft.com"
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
--------------------
From: "Mike Endys" <[email protected]>
Subject: WCF Service on public IIS and SqlMembershipProvider/SqlRoleProvider
Date: Sun, 2 Nov 2008 16:59:30 +0100
Lines: 34
Badly need your help guys!
What are the minimum requirements in configuration files for running WCF
Service 3.5 hosted on IIS server and using for authentication
AspSqlMembershipProvider and AspSqlRoleProvider?
- I have running ASPX application with running WCF 3.5 service and
AspSqlMembership and Roles Providers implemented.
- The service answers my simple request (consuming by simple console
application)
- I need to use [PrincipalPermission] attribute for some service methods.
- I want to use AspSqlMembership and AspSqlRole Providers for
authentication.
- I cannot use HTTPS and certificates.
The questions:
- Can I use wsHttpBinding? Is another binding better to use in order to use
AspSqlMembership and Roles?
- Can I use sessions? (Wanna sign up user on start of application and
signoff on closing application)
- Can you send me simple example of the app.config and web.config files for
this implementation?
Thanks a lot for help
Mike Endy
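
A client-side counterpart to the service configuration in the reply above, as an added example that is not part of the original thread or of Steven Cheng's test solution. It shows how the two server-side checks surface to a caller: a credential rejected by the membership provider versus a failed role demand. The endpoint address, user name and password are placeholders, and the IRoleSecService declaration is assumed to mirror the service's contract.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Security;

// Assumed to mirror the service-side contract named in the configuration.
[ServiceContract]
public interface IRoleSecService
{
    [OperationContract]
    string GetStringData();
}

public static class RoleSecClient
{
    public static void Main()
    {
        // Must match the server's "RoleSecServiceBinding": message security, UserName credential.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

        // Placeholder address. The DNS identity is compared with the service certificate,
        // which must also validate on the client (default: chain trust).
        var address = new EndpointAddress(
            new Uri("http://localhost/RoleSecService.svc"),
            EndpointIdentity.CreateDnsIdentity("localhost"));

        var factory = new ChannelFactory<IRoleSecService>(binding, address);
        factory.Credentials.UserName.UserName = "sample-user";      // placeholder account
        factory.Credentials.UserName.Password = "sample-password";  // placeholder secret

        try
        {
            IRoleSecService proxy = factory.CreateChannel();
            Console.WriteLine(proxy.GetStringData());
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
        catch (SecurityAccessDeniedException)
        {
            // The user authenticated, but the [PrincipalPermission] role demand failed.
            Console.WriteLine("Authenticated, but not in the required role.");
        }
        catch (MessageSecurityException ex)
        {
            // The credentials were rejected, or the security negotiation did not complete.
            Console.WriteLine("Authentication failed: " + ex.Message);
        }
        finally { factory.Abort(); }  // no-op if already closed; releases a faulted channel
    }
}
```

Distinguishing the two exceptions in client logs separates bad-password events from authorization failures.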