MVC2 Apps (and others) sharing WCF services and authentication

Posted by stupid-phil on Stack Overflow See other posts from Stack Overflow or by stupid-phil
Published on 2010-02-16T19:52:50Z Indexed on 2010/05/12 11:34 UTC
Read the original article Hit count: 873

Hi,

I've seen several similar scenarios explained here but not my particular one. I wonder if someone could tell me which direction to go in?

I am developing two (and more later) MVC2 apps. There will also be another (thicker) client later on (WPF or Silverlight, TBD). These all need to share the same authentication. For the MVC2 apps they (preferably) need to be single log on - ie if a user logs in to one MVC2 app, they should be authorised on the other, as long as the cookie hasn't timed out.

Forms authentication is to be used.

All the apps need to use common business functionality and perform db access via a common WCF Service App. It would be nice (I think) if the WCF is not publicly accessible (ie blocked behind FW). The thicker client could use an additional service layer to access the Common WCF App.

What this should look like is:

MVCApp1 -> WCFAppCommon

MVCApp2 -> WCFAppCommon

ThickClient -> WCFApp2 -> WCFAppCommon

Is it possible to carry out all the authentication/authorization in the WCFAppCommon? Otherwise I think I'll have to repeat all the security logic in the MVCApps and WCFApp2, whereas, to me, it seems to sit naturally in WCFAppCommon. On the otherhand, it seems if I authenticate/authorize in WCFAppCommon, I wouldn't be able to use Forms Authentication.

Where I've seen possible solutions (that I haven't tried yet) they seem much more complex than Forms Authentication and a single DB.

Any help appreciated,

Phil

© Stack Overflow or respective owner

Related posts about asp.net-mvc

Related posts about forms-authentication