Consuming WCF service from jquery with WIF authentication

Question

We have a WCF service that uses REST. This will contain all the business logic when we will implement several others clients besides using web-clients.

I have used Thinktecture as a STS because we already have a infrastructure for identifying roles in old clients that we would like to reuse.

To test everything I have a MVC application that uses jQuery to call the WCF service. The MVC application displays correctly the claims and authentication but I cannot make the WCF service to reuse this information.

I have succeeded to make MVC consume the WCF over https and on another domain: the MVC uses https://localhost:40321 and WCF uses https://localhost:40033

I have read this How do you pass a (Claims) security Token to a WIF enable WCF service but the accepted answer uses the 3.5 .NET framework and we would like to use 4.5.

So my questions are:

1. Is there a possibility of using jQuery with WIF together with Thinktecture and CORS? if yes, would you point me in the right direction? All the information that I have read about securing WCF seems to assume that you will use SOAP and not REST.
2. If point 1 is impossible in jQuery (or javascript) what authentication should I use? oAuth 1.0, 2.0 or something else.
3. As I see in Thinktecture you can specify the token to be returned to JWT. Is this a better way to use authetication. How do you configure the WCF to accept this token? How do you extract this token with javascript/jQuery? I saw that if you specify that jQuery should use "jsonp" it includes a cookie in requested headers.

I have read this http://msdn.microsoft.com/en-us/library/hh446531.aspx but as far as I see the example is using a WEB service and not a WCF.

thank you in advance.

Answer 1

I have read more and I think that I have the answer for my own questions.

1. Is there a possibility of using jQuery with WIF together with Thinktecture and CORS? if yes, would you point me in the right direction? All the information that I have read about securing WCF seems to assume that you will use SOAP and not REST.

No you cannot use jQuery to access a WIF enabled WCF directly. It is better to create a WEB.NET api that implements REST and use the WCF as a reference in that project. Consume the WCF in C# code and just add a thin layer for REST calls.

2. If point 1 is impossible in jQuery (or javascript) what authentication should I use? oAuth 1.0, 2.0 or something else.

If you want to use WIF I think it is better to use Microsofts stuff for better compatibility. I am NOT saying that one is better than the other.

3. As I see in Thinktecture you can specify the token to be returned to JWT. Is this a better way to use authetication. How do you configure the WCF to accept this token? How do you extract this token with javascript/jQuery? I saw that if you specify that jQuery should use "jsonp" it includes a cookie in requested headers.

Se answer 1 and 2.