I have a WCF service to be consumed by both:
ASP.NET - ASP.NET app uses form-authentication and impersonate a Windows user account WEBUSER. This is a web user account but by and large it works fine as the intention is to tighten the security. So ...
web.config of the ASP.NET app:
And in web.config of WCF Service hosted in IIS:
Consumer #2 JSON/AJAX all from web page in ASP.NET (Consumer #1)
Now, I added webpage to ASP.NET app that makes AJAX/JSON calls to the WCF Service. I'm not sure what to do in web.config of my WCF Service . Clients viewing the webpage are not always domain users (and we wouldn't want to tie down to this model anyway).
FYI, in WCF web.config, I've added:
I suppose this would suffice for AJAX post/get to include forms-authentication cookie when invoke WCF right?
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<endpoint address="JSON" behaviorConfiguration="JSONBehavior"
binding="webHttpBinding" bindingConfiguration="" name="JSON"
Any suggestion? Thanks!