Fortunately, it is not hard to enable it. The key step is to set HttpContext.Current.User in Global.asax:

    using System;
    using System.Security.Principal;
    using System.Web;
    using System.Web.Security;

    public class Global : System.Web.HttpApplication
    {
        // other methods snipped...
        protected void Application_AuthenticateRequest(object sender, EventArgs e)
        {
            // Look for the forms authentication ticket cookie issued at login.
            HttpCookie ticketCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (null == ticketCookie || string.IsNullOrEmpty(ticketCookie.Value))
            {
                return;
            }
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(ticketCookie.Value);
            // Decrypt does not reject expired tickets, so check expiry here.
            if (null != ticket && !ticket.Expired)
            {
                HttpContext.Current.User = new GenericPrincipal(new FormsIdentity(ticket), null);
            }
        }
    }

In the service you want to protect, set the requirements mode to Allowed or Required.

    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
    public class PrimeService : IPrimeService

Then add the following check at the beginning of the method.

    // Reject callers that did not present a valid authentication ticket.
    if (!HttpContext.Current.User.Identity.IsAuthenticated)
    {
        throw new FaultException<SecurityAccessDeniedException>(new SecurityAccessDeniedException());
    }

That is good enough for a Silverlight client. For a .NET WCF client, you need to handle the HTTP cookies yourself (the Authentication Service uses the authentication ticket in cookies). A detailed discussion can be found in the article in Shane's Shelf.
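For the .NET WCF client case mentioned above, one way to carry the authentication cookie from the Authentication Service proxy to the protected service proxy is a client message inspector. This is an added example, not code from the original post or from Shane's Shelf; the class name CookieRelayBehavior and the proxy names in the comment are hypothetical, and it assumes the forms ticket is the first cookie in the Set-Cookie header.

```csharp
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Added example (hypothetical class). Add ONE shared instance to both proxies:
//   authProxy.Endpoint.Behaviors.Add(relay); primeProxy.Endpoint.Behaviors.Add(relay);
public class CookieRelayBehavior : IEndpointBehavior, IClientMessageInspector
{
    private readonly object _sync = new object();
    private string _cookie; // "name=value" captured from the login reply

    public void AfterReceiveReply(ref Message reply, object correlationState)
    {
        object prop;
        if (!reply.Properties.TryGetValue(HttpResponseMessageProperty.Name, out prop)) return;
        string setCookie = ((HttpResponseMessageProperty)prop).Headers[HttpResponseHeader.SetCookie];
        if (string.IsNullOrEmpty(setCookie)) return;
        // Assumption: the forms ticket is the first cookie. Attributes are dropped.
        string pair = setCookie.Split(';')[0].Trim();
        lock (_sync) { _cookie = pair; }
    }

    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    {
        string cookie;
        lock (_sync) { cookie = _cookie; }
        if (cookie == null) return null; // nothing captured yet (not logged in)

        object prop;
        HttpRequestMessageProperty http;
        if (request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out prop))
            http = (HttpRequestMessageProperty)prop;
        else
        {
            http = new HttpRequestMessageProperty();
            request.Properties.Add(HttpRequestMessageProperty.Name, http);
        }
        http.Headers[HttpRequestHeader.Cookie] = cookie; // replay the ticket
        return null;
    }

    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime runtime) { runtime.MessageInspectors.Add(this); }
    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters) { }
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher dispatcher) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```

Leave allowCookies at false on the client bindings so the transport does not manage cookies itself, and attach the behavior only to endpoints of the same site over HTTPS, since the ticket is a bearer credential.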
2 comments:
wow, you pretty much ripped off this blog from Shane Shelf.
For the programming posts, yes. I wanted to keep the posts short and copy-and-paste friendly in the blog. So, people who wanted a solution can grab-and-go. All detailed discussions are left in Shane's Shelf for those who have the time to dive into the details.