0
votes

I have a WCF service which is repsonsible for authenticating users . Unlike WCF Authentication Services , I want all authentication (including the ones from a asp.net web application) to happen at the WCF service layer .

Now, my query , should I be defining membership providers for authentication at the web application tier.Say , for eg, I define a custom WCF memebership provider that calls the WCF service to carry out authentication. or If the application uses forms authentication for authenticating users against a active directory , I would use a Active directory membership provider at the Web Tier.

As per my logic , since I want the WCF service to be repsonsible for authenticating users from different applications , I would define the membership providers at the service layer .

However , there are difference in opinion as to which layer is responsible for implementing the membership provider .

Thansk & Regards Girija

1

1 Answers

0
votes

You can't (and should not) perform, let's say, Windows authentication for asp.net application in WCF. Nor should you make your service responsible for determining which authentication uses asp.net.

In short, you should define your authentication mechanism at application level (although you can implement it at any level you want).

And by the way I would recommend you using already established federation protocols (i.e., WIF) for handling authenticaion between several applications.