Wednesday, December 22, 2010

Authentication in Silverlight using WCF and ASP.NET Membership Provider

WCF has provided many benefits for developing secure, scalable distributed applications. One of the nice features of WCF service security is its integration with ASP.NET Membership provider. Using this provider, a caller can be authenticated by the WCF service against the user credentials stored in the SQL Server ASPNETDB database.

Recently while conducting a training for my clients for ASP.NET and Silverlight 4.0, one of my participants has asked me a question regarding integration between WCF services, ASP.NET Membership provider and authenticating the Silverlight client caller against the WCF service using this membership provider, instead of creating any other custom authentication class. It was a great question and I thought of sharing the solution through this article. Make sure you read my recently published article on Silverlight 4.0 - Secure Communication to WCF service using Custom User Name and Password Validator

Creating WCF Service with Custom Binding and SSL

Step 1: Open VS2010 and created a blank solution, name it as ‘SILV4_ASPNETMembershipProvider_WCF’. In this solution, add a WCF service application and name it as ‘WCF_SecureService’.

Step 2: Rename ‘IService1.cs’ to ‘IService.cs’. Add the following code in ‘IService.cs’:

Step 3: Rename ‘Service1.svc’ to ‘Service.svc’ and write the following code in it:

Step 4: Open the web.config file, add the connection string for the database which contains user credentials and also define ASP.NET membership provider. Configure this provider in the service behavior so while verifying, the caller WCF service will load this membership provider. Also use ‘CustomBinding’ with https transport and define its ‘authenticationMode’ to ‘UserNameOverTransport’ so that the caller has to send the user credentials for making a call to WCF service. The web.config file is as shown below:

Read more: dot Net Curry