First of all, I'm sorry if this question was already asked before. I've searched for a long time and there are many questions related to this but I can't get my head around this.
I have to build an application using WCF service and ASP.NET MVC. I worked with MVC before but I'm completely new to the WCF service. The architecture of the application is I'm accessing the database from WCF service and writing all the code in WCF. And MVC is acting as a Client and I'm just adding a service reference in the MVC to consume the service and making calls to WCF for every action.
Now my question is how will I implement authentication and authorization with this architecture. I just want to have register, login functionlity and also some roles. Like how we use ASP.NET membership to implement register, login functions and manage roles when working with MVC, Is there anything like that in WCF? Is there anyway that I can use the membership directly from MVC client without connecting db in client, like making some changes in the configuration so that we can connect to DB through WCF?
From what I've read so far, I can use ASP.net membership but I need to make some changes in the configuration. And no matter how many articles I read, I'm still confused on how to do this.
Can anyone explain me in detail, what changes should I do in client and service configurations to make this work? Or point me to a guide that explains this? I'm trying to uderstand this from a week now and every article I read, mentions to change web.config code, but they never mention whether it's client's web.config file or web.config file in service.
P.s: I'm sorry for any mistakes in the framing of the question or the title. I hope I'm clear in asking my question, if not please let me allow to explain clearly. This is my first question here and Thanks in advance.
WCF can use the ASP.NET Membership Provider. When integrated into an WCF application, users must supply a user name/password combination to the WCF client application. To transfer the data to the WCF service, use a binding that supports user name/password credentials, such as the WSHttpBinding (in configuration, the wsHttpBinding) and set the client credential type to UserName. On the service, WCF security authenticates the user based on the user name and password, and also assigns the role specified by the ASP.NET role.
For more information about it, you can refer to this link.
UPDATE:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<connectionStrings>
<add name="SqlConn" connectionString="server=127.0.0.1;database=aspnetdb;uid=sa;password=123456;" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<membership defaultProvider="SqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear />
<add
name="SqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SqlConn"
applicationName="WcfService2"
enablePasswordRetrieval="false"
enablePasswordReset="false"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed" />
</providers>
</membership>
<roleManager enabled ="true"
defaultProvider ="SqlRoleProvider" >
<providers>
<add name ="SqlRoleProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="SqlConn"
applicationName="WcfService2"/>
</providers>
</roleManager>
<compilation debug="true" targetFramework="4.7.2" />
<httpRuntime targetFramework="4.7.2"/>
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding>
<security mode="Message">
<message clientCredentialType="UserName"></message>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="SqlRoleProvider">
</serviceAuthorization>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlMembershipProvider"/>
<serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" findValue="9bb09c1d6e719bf7121814cc73451947d410a501"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="wsHttpBinding" scheme="http" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
We need to use UserName authentication together with MembershipProvider. The client passes the user name through proxy.ClientCredentials.UserName.UserName and the password through proxy.ClientCredentials.UserName.Password when calling.