locked
ASP.NET Authentication and Authorization Via WCF RRS feed

  • Question

  • Hi,

     

    We are in the process of building a distributed application using ASP.NET and WCF. We think, we have two ways of doing authentication and authorization for web site.

     

    1.      Create custom membership Provider and expose all the operations as wcf services, at client side call the appropriate methods to authenticate, create the principal object and cache it

    2.      Create the custom membership provider  and expose the services which can return a custom principle object ( fully loaded with identiy and roles), and at client side, directly receive the principal object.

     

    In option2 , we have the provision to support multiple sources and can be used to multiple applications.

     

    I would like to understand  which is efficient and correct and what is the best way people are following in the industry.

     

     

    Thanks

    Hari


    Harinatha
    Thursday, December 10, 2009 9:04 AM

All replies

  • Hari,

    What is the client side for you? The ASP.NET server application or the web browser?


    Paulo Morgado (http://PauloMorgado.NET/)
    Monday, May 3, 2010 1:32 PM
  • If the client of this remote authorization provider is the ASP.NET (server) application, than all you have to do is implement a membership provider that calls into this remote provider.


    Paulo Morgado (http://PauloMorgado.NET/)
    Monday, June 7, 2010 12:31 AM