I've got 3 different clients accessing my ASP.Net service layer. I'm in the process of moving the Silverlight client to RIA services and I'd like to consolidate my authentication code if possible. I use a custom table in my database to store user credentials and profile information.
Can an ASP.Net Membership Provider be used for RIA, MVC and Web Service applications? Or is there an easier way?
WCF: http://msdn.microsoft.com/en-us/library/ms731049.aspx RIA: http://msdn.microsoft.com/en-us/library/ee707353(v=vs.91).aspx ASP.Net MVC: http://www.asp.net/mvc/tutorials/authenticating-users-with-forms-authentication-cs
I got myself tied up in knots a bit trying to use the same auth mechanism for RIA and a WCF REST & SOAP endpoints; RIA is a WCF endpoint at the end of the day. However consuming a RIA service is more comparable to using an MVC app; call a login service after which the browser or Silverlight app automatically attach a cookie to all subsequent requests which will be authorised by the ASP.Net membership provider.
Conversely clients of the WCF SOAP and REST services there are better ways to authorise requests rather than force them to call a login service, extract the cookie and attach it to all future requests. The above link for WCF actually describes a mechanism where the username and password are set for every request. In practice a lot of public web API's require a single header with a secret key to be set.
My conclusion is that I'll use the same membership provider for ASP.Net MVC and RIA but a different mechanism for SOAP and REST WCF services.
