https://stackoverflow.com/questions/19670009
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianThere is not best way. The most standard way is to use a wsFederationHttpBinding on your wcf back-end services. This way your security token can arrive at the back end and the back end cannot be called (unless you expose other bindings) without a valid token.
What is the best way to pass security token to non IIS services
-
01-07-2022 - |
Question
Is there a way to manually and safely serialize Session Security Token?
I am setting up a web application that authenticates with Azure ACS.
I have got the claims and principals ok. Now I need to pass that whole thing to back end services. What's the best way to do this?
- Should I serialize the principal object? and manually restore and set them in the back through a channel intercept?
- Can I somehow reuse SessionSecurityToken? Although some of the back end services could use technology like msmq, so the concept of session and cookies are moot. Is there a way to still use the same token that gets set in the cookies nonetheless for uniformities sake. If so how?
- Should I set up WIF on the back end services? This seems like a major hassle. If the user has been authenticated, I want to get all the claims and pass it on, or set up my own custom role manager.
- Should I simply create a ticket, that can be redeemed against a caching service to retrieve all of these information?
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
