Accessing WCF service from mobile client with user idenity

Question

I'm working on an Web API that have a web (ASP.NET MVC), WCF service and mobile interfaces (Android/ iPhone) and i have token authentication for API.

The MVC and API have user identity to verify the users, but WCF service won't have this user identity.

Here, i need to have access the WCF service from the mobile client with security.

Application structure,

So, How can verify or share the user identity with WCF service?

Can i use the same OAuth token in WCF service to identify the user? or Is there any other standard way to do it ?

Answer 1

I have a similar applications. I add the token (previously received after authentication) using this:

Common ajax call with jQuery:

$.ajax({
    beforeSend: function (request)
    {
        request.setRequestHeader("Authority", authorizationToken);
    },
    // Below you set type, url, data, ...
});

Here, using Cordova + Ionic + Angularjs:

$http.defaults.headers.common.Authorization = authorizationToken;
if ($http.defaults.headers.common.Authorization.Parameter != undefined) {
    $http.defaults.headers.common.Authorization.Parameter = authorizationToken;
}

Hope it helps.

Answer 2

With given high level detail, ADFS should be a right fitment for your requirement, with that Identity validation can be achieved for WCF based services as well.

Refer below link to MSDN guide for a detailed approach.

A Guide to Claims-Based Identity and Access Control

However, I presume this solution for new requirements, if so, why still WCF service is required when Web API can be manage external http requests? and given that there is no DB interaction through WCF services as per diagram.