I am new to WCF and here's my scenario.
My web page will be hosted in a web server and there will be an app server which my web page will call the WCF services. I will be using forms authentication for authenticating users and roles with be custom roles populated in the sql server, not the built-in aspnet tables. To add to the difficulty,I am using the Web Client Software Factory in my development.
Here's my question. I am worried that unauthorised users(logged in but still unauthorised) will try to call my WCF service directly if they know the url for the service. I am unable to use System.Threading.Thread.CurrentPrincipal.Identity. Name
to pass in their identity to the service as it spans across different servers.
Is there a way for me to authenticate by passing their credentials to the WCF service, so that I can do further authorization check from there?I understand I can do something like this :
to pass the username to my WCF service for authorization checking. But how do I grab the username from my WCF service?
Dim pxy As New MyFirstSecuredWCFServiceProxy
pxy.ChannelFactory.Credentials.UserNamePassword.UserName = "Softwaremaker"
pxy.ChannelFactory.Credentials.UserNamePassword.Password = "SomePassword"
Sorry if my question sounds stupid as I am very new to WCF.
Thanks for any help given!