I am invoking a WCF web service (.NET 4.0) via jQuery $.ajax() from an ASP.NET page. How can I secure the WCF service such that only authenticated ASP.NET users can invoke the service's methods? Do I need to imperatively check the forms authentication cookie manually in each service method, or is there a more declarative approach?
SOLUTION : Move the .svc files under a "Services" directory (or any directory that will hold the services to be secured) and secure that directory with its own web.config. Configure the location to deny anonymous users:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.