How do you override the WCF AuthenticationService IsLoggedIn() method?

Posted by Ryan Riley on Stack Overflow See other posts from Stack Overflow or by Ryan Riley
Published on 2010-03-23T02:01:57Z Indexed on 2010/03/23 2:11 UTC
Read the original article Hit count: 568

Filed under:

wcf-security

|

formsauthentication

|

iidentity

|

iprincipal

|

security

I have three current thoughts on how to do this:

re-implement AuthenticationService, which uses lots of internal constructors and internal helpers,
implement custom IIdentity and IPrincipal types and somehow hook these into FormsAuthentication.
give up and roll my own.

The problem is that we've got web apps and fat client apps using authentication and storing cookies. However, logging out of a web app does not log out of a fat client app, and we have now way of forcing a refreshed cookie, atm.

© Stack Overflow or respective owner

Related posts about wcf-security

WCF Security Transport Security Questions

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm writing a set of WCF services that rely on transport security with Windows Authentication using the trusted subsystem model. However, I want to perform authorization based on the original client user that initiated the request (e.g. a user from a website with a username/password). I'm planning… >>> More
How To Configure WCF Security Using Only X.509 Certificates

as seen on Code Project - Search for 'Code Project'
This article provides a step by step guide to configuring a WCF web service and client secured by X.509 certificates. >>> More
WCF security via message headers

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to implement "some sort of" server-client & zero-config security for some WCF service. The best (as well as easiest to me) solution that I found on www is the one described at http://www.dotnetjack.com/post/Automate-passing-valuable-information-in-WCF-headers.aspx (client-side) and… >>> More
WCF security when it is used with sync services

as seen on Stack Overflow - Search for 'Stack Overflow'
I am using following architecture for sync process. http://www.codeproject.com/KB/smart/sync_services.aspx And for server i use WCF service, can anybody guide me how can i secure my wcf service without using certificate that is hosted on IIS. Can i get a way to pass credential or some token to… >>> More
Call WCF using transport layer security and SSL configured

as seen on C# Corner - Search for 'C# Corner'
Wcf Security >>> More

Related posts about formsauthentication

Rolemanager not working when ASPDotNetStorefront served in a virtual folder with FormsAuthentication

as seen on Stack Overflow - Search for 'Stack Overflow'
Does anyone know if there is a valid roleManager I can apply to ASPDotNetStorefront to get the site working? We have a website that has an ASP.Net storefront served in a virtual folder off the root. ourwebsite.com ourwebsite.com/shop Everything has been workign fine until we put the groundwork… >>> More
How can I pass FormsAuthentication.SetAuthCookie from Data Access Layer Class to WebService to Javas

as seen on Stack Overflow - Search for 'Stack Overflow'
I am using DotNetOpenAuth in my ASP.Net Website. I have modified it to work with Facebook Connect as well, using the same methods and database structures. Now I have come across a problem. I have added a Facebook Connect button to a login page. From that HTML button, I have to somehow pull information… >>> More
ASPX FormsAuthentication.RedirectFromLoginPage function is not working anymore

as seen on Stack Overflow - Search for 'Stack Overflow'
Here is my issue. I have an ASPX web site and I have code in there to redirect from the login page with the call to "FormsAuthentication.RedirectFromLoginPage(username, false);" This sends the user from the root website folder to 'website/Admin/'. I have a 'default.aspx' page in 'website/Admin/' and… >>> More
When does the .NET FormAuthentication ticket get checked and how do I tap into this event?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello everyone - We are attempting to integrate an ASP.NET MVC site with our client's SSO system using PingFederate. I would like to use the built in FormsAuthentication framework to do this. The way I've gone about it so far is: Set up my Web.config so that my FormsAuthentication LoginURL goes… >>> More
FormsAuthentication.SignOut() does not log the user out.

as seen on Stack Overflow - Search for 'Stack Overflow'
Smashed my head against this a bit too long. How do I prevent a user from browsing a site's pages after they have been logged out using FormsAuthentication.SignOut? I would expect this to do it: FormsAuthentication.SignOut(); Session.Abandon(); FormsAuthentication.RedirectToLoginPage(); But it… >>> More