How to use WCF client in ASP.NET application?

Question

I have these components:

1. ASP.NET application (website)
2. WIF security
3. WCF service (secured via 2)

Let's say the WCF service (TestService) has one secured method:

  Boolean IsItWorking();

Now the page in a website does these steps:

1. go to a restricted page
2. provide login credentials
3. processes WIF request/response => cookies created
4. page provides ClientCredentials to a singleton! WCF client reference
5. page calls the TestService.IsItWorking()

It worked fine, until I realized that the singleton client instance is not working. How to provide credentials to a client? Where to keep the credentials? How to solve this scenario correctly?

Answer 1

Username/password based authentication to your WCF service can be done simply with a WCF WSHttpBinding. There's lots of sample code on how to do that.

http://codebetter.com/petervanooijen/2010/03/22/a-simple-wcf-service-with-username-password-authentication-the-things-they-don-t-tell-you/

There are some caveats that go along with this though. WIF gives you more options if you introduce an identity provider into your scenario (either a local one federate with a 3rd party identity provider). Then when the user logs in, WIF furnishes your ASP.NET application with a security token as well as the ASP.NET cookie.

This security token acts as a vehicle for claims, and your ASP.NET application can also reuse this token to authenticate to your WCF backend. WIF helps you configure this on both the ASP.NET and WCF ends. Look at the SaveBootstrapTokens=true property in your WIF config, and look at ChannelFactory.CreateChannelWithIssuedToken() for talking to your WCF service using a token. The WIF SDK has a WSTrustChannel sample that demonstrates how it works, and lots more samples online.