I am needing more validation of what I am doing versus solving a problem.
I have a winforms application that uses Client Application Services to validate a user against a customer membership provider all over SSL. This works fine. My winforms application validates correctly.
The winforms application uses WCF to call services that are installed on the same IIS server that is providing the membership services for the Client Application Services. The WCF services use wsHTTP binding, transport security, username credentials,
and validate against the same membership provider as the Client Application Services.
It appears that although the service and Client Application Services are at the same URL, they do not share credentials between them. Ideally, once I log into Client Application Services, any calls to a WCF service at that location would be automatically
authenticated. However, this is not true. I have to pass the username and password into the credentials for the WCF service. This works as expected where the username and password are validated prior to allowing a service call. On subsequent
services calls, it does not validate again since it has established the secure channel.
So, does this sound like the best approach? Is there a way to pass credentials from the Client Application Services to WCF automatically? I
View Complete Post