WCF consumed by {JSON + ASP.NET} - Authentication, form or Windows?

[THY02K]

hello

I have a WCF service to be consumed by both:

Code:

Consumer #1

ASP.NET - ASP.NET app uses form-authentication and impersonate a Windows user account WEBUSER. This is a web user account but by and large it works fine as the intention is to tighten the security. So ...

web.config of the ASP.NET app:

Code:

<authentication mode="Forms">
<forms
name="GenericOMS_auth"
loginUrl="LoginForm.aspx"
protection="All"
timeout="30"
path="/" />
</authentication>

<identity impersonate="true"
userName="MyBox\WEBUSER"
password="SomeSecret" />

And in web.config of WCF Service hosted in IIS:

Code:

<authentication mode="Windows"/>

Works fine.

Consumer #2 JSON/AJAX all from web page in ASP.NET (Consumer #1)

Now, I added webpage to ASP.NET app that makes AJAX/JSON calls to the WCF Service. I'm not sure what to do in web.config of my WCF Service . Clients viewing the webpage are not always domain users (and we wouldn't want to tie down to this model anyway).


FYI, in WCF web.config, I've added:

Code:

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
...
<endpoint address="JSON" behaviorConfiguration="JSONBehavior"
binding="webHttpBinding" bindingConfiguration="" name="JSON"
contract="xxx.SecurityServiceLib.ISecurityService" />
...
<endpointBehaviors>
<behavior name="JSONBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>

I suppose this would suffice for AJAX post/get to include forms-authentication cookie when invoke WCF right?

Any suggestion? Thanks!

[tattooedscorpdc]

There is a ton of training for JSON, AJAX, and WCF that you can take advantage of for free.

GO to http://www.codeguru.com/forum/showth...56#post1896756 and type JSON into the search box .

You can also try, http://www.msdev.com/ and type the same search term in to see what trainings are available there.

Hope this helps,

Larry
MSAE