Menu
I have a set of WCF services with AspNetCompatibility enabled and consume them from jQuery. My web application requires authentication. Using only logic here (as I lack enough knowledge) does that mean WCF will be accessible and limited only to currently logged users? I know one can catch communication data and try to reuse it later (I don't have ssl) but for that he should be logged in.
Right, wrong or just stupid in my own optimism?
862
Yes, because you have ASP.NET compatibility enabled and because you're using ASP.NET security, as long as you have the proper <authorization> setting for the WCF resource it should be secured by ASP.NET security. At bare minimum this means you should have authorization defined as follows on the WCF resource:
<authorization>
<deny users="?" /> <!-- deny all anonymous users -->
<allow users="*" /> <!-- allow all authenticated users -->
</authorization>
Only if you allowed "*" would your WCF service be inaccessible to non-authenticated users.
You can read more about this here in this MSDN article under the section titled Hosting WCF Services in ASP.NET Compatibility Mode.
120
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
