Hello,
I have a Silverlight 4 application that uses a lot of WCF services that I now need to secure. I am currently using the stock domain service (AuthenticationService) to log my users in to my Silverlight app using the ASP.NET Security features, but I am willing
to change this if it makes sense.
Here is what I would like to do:
- Provide an easy way for my users (and my admins) to change user passwords and other details
- Only allow logged in users to call WCF services
- Some WCF services should only be called by system administrators (role-based security?)
Again, I am using Silverlight enabled WCF services here, not domain services. Is it possible to use forms based authentication (using AuthenticatoinSerivce), and pass the role and/or user information to my WCF services? It looks like AuthenticationService
has everything I need to manage my user’s accounts – including an easy way to allow them to change their own passwords. However, is this type of security compatible with WCF Services? And if so, how do I pass the logged in user info to the service? Will
the service need to then re-validate the credentials, or is there something that can be done at the service level for this?
Or, should I create all of this from scratch on a new service? Any help is greatly appreciated.
Thanks!
