Silverlight 4 - MVC 2 ASP.NET Membership integration “single sign on”

Question

Scenario:

1. I have an ASP.NET MVC 2 site using ASP.NET Forms Authentication.

2. The site includes a Silverlight 4 application that needs to securely call internal web services.

3. The web services also need to be publically exposed for third party authenticated access.

Challenges:

1. Securely accessing webservices from Silverlight using the current users identity without requiring the user to re-login in in the Silverlight application.

2. Providing a secure way for third party applications to access the same webservices the same users credentials, ideally with out using ASP.NET Forms Authentication.

Additional details and limitations:

1. This application is hosted in Azure.

2. We would rather NOT use RIA Services if at all possible.

Solutions Under Consideration:

1. I think that if the webservices are part of the same MVC site that hosts the Silverlight application then forms authentication should probably "just work" from Silverlight based on the users forms auth cookies. But this seems to rule out the possibility of hosting the webservices seperately (which is desirable in our scenario).

2. For third-party access to the web services I'm guessing that seperate endpoints with a different authenication solution is probably the right answer, but I would rather only support one version of the services if possible...

Questions:

1. Can anybody point me towards any sample applications that implements something like this?

2. How would you recommend implementing this solution?

Answer 1

您可以扩展WCF以将成员身份用作身份验证存储，并通过Silverlight应用程序将FormsAuth Cookie（由MVC站点发送）重用到浏览器。

Answer 2

I would recommend using an STS with Windows Identity Foundation so you can have your app use claims identity and then change authentication outside the app. For third party you can use Windows Azure Access Control Service (ACS). We are updating our guidance on this and you can look at the new code to show you how to do this at our codeplex site . The original book is available at Amazon . I would focus on the updated guide because it has ACS has websites and an active client talking to WCF. The client is WPF but it would similar for Silverlight.