locked
Passing Credentials between 2 Lightswitch applications RRS feed

  • Question

  • Hello,

    We have 2 Lightswitch applications :

    Application A

    Application B

    Both applications are secured using Windows Authentication. Both are deployed on IIS 7 using SSL (https protocol).

    Both applications are hosted inside the default application pool DefaultAppPool in IIS.

    Application B connects to the Application A using A's oData endpoint, B connects to A.

    Now the problem...

    Application B uses the user account "IIS APPPOOL\DefaultAppPool" when connecting to Application A. We know this observing the CreatedBy property when an entity from the Application A is created in the Application B.

    How can I configure the hosting settings in IIS of both applications A and B, so that B passes through the user credentials when connecting to Application A?

    Thursday, October 15, 2015 1:41 PM

Answers

  • We found the solution: http://d-fens.ch/2015/09/03/consuming-odata-services-from-lightswitch-with-impersonation/ These Swiss guys are cool!
    Thursday, November 12, 2015 10:28 AM

All replies

  • You did not state if the Authentication was Windows (NTLM) or Forms.

    For my suggestion, I am going to assume forms authentication  and you are using a shared authentication database with a common form authentication name?

    <authentication mode="Forms">
    	<forms name="MyCommonName" loginUrl="~/Login.aspx" />
    </authentication>

    This is not tested and your mileage will vary. You need to proxy the authentication cookie from App B to App A using a technique like:

    var appA = new AppB.ServiceA.ApplicationData(new Uri("http://AppAUrl"));
    
    appA.SendingRequest2 += (s, e) =>
    {
        e.RequestMessage.SetHeader("Cookie", HttpContext.Current.Request.Headers.GetValues("Cookie"));
    };
    

    This is going to copy the cookies collection from AppB's request and pass it to AppA's request. This is just a pointer and again, has not been tested. I use this technique in the Silverlight client to copy the cookies when using a Rest (WebAPI) and Signalr to pass the authentication cookie. In these cases, I work with the cookies collection but unfortunately, In this case the RequestMessage does not expose the Cookie collection.

    If you are using Windows authentication then you may want to look a ASP impersonation.

    Thursday, October 15, 2015 5:41 PM
  • Hi Ian,

    Both applications are secured using Windows Authentication. Both are deployed on IIS 7 using SSL (https protocol).

    I will look at asp. net impersonation.

    Your answer for windows forms authentication looks very interesting...when we need to pass credentials between apps secured using forms authentication we will give it a try!

    Thank you.

    Thursday, October 15, 2015 5:55 PM
  • Dear Michael:

    I need your help.

    Do you have Lightswitch apps deployed that access each others odata endpoint?

    If so, how do you configure IIS in order to pass through credentials when using Windows Authentication?

    Friday, November 6, 2015 7:41 PM
  • We found the solution: http://d-fens.ch/2015/09/03/consuming-odata-services-from-lightswitch-with-impersonation/ These Swiss guys are cool!
    Thursday, November 12, 2015 10:28 AM