hello
I have a WCF service to be consumed by both:
ASP.NET - ASP.NET app uses form-authentication and impersonate a Windows user account WEBUSER. This is a web user account but by and large it works fine as the intention is to tighten the security. So ...
web.config of the ASP.NET app:
Code:
<authentication mode="Forms">
<forms
name="GenericOMS_auth"
loginUrl="LoginForm.aspx"
protection="All"
timeout="30"
path="/" />
</authentication>
<identity impersonate="true"
userName="MyBox\WEBUSER"
password="SomeSecret" />
And in web.config of WCF Service hosted in IIS:
Code:
<authentication mode="Windows"/>
Works fine.
Consumer #2 JSON/AJAX all from web page in ASP.NET (Consumer #1)
Now, I added webpage to ASP.NET app that makes AJAX/JSON calls to the WCF Service. I'm not sure what to do in web.config of my WCF Service . Clients viewing the webpage are not always domain users (and we wouldn't want to tie down to this model anyway).
FYI, in WCF web.config, I've added:
Code:
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
...
<endpoint address="JSON" behaviorConfiguration="JSONBehavior"
binding="webHttpBinding" bindingConfiguration="" name="JSON"
contract="xxx.SecurityServiceLib.ISecurityService" />
...
<endpointBehaviors>
<behavior name="JSONBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
I suppose this would suffice for AJAX post/get to include forms-authentication cookie when invoke WCF right?
Any suggestion? Thanks!