Passing a FedAuth cookie to Web Service Calls

StackOverflow https://stackoverflow.com/questions/17767941

  •  03-06-2022
  •  | 
  •  

Question

I have an ASP.NET site running on Azure at https://[appname].cloudapp.net. I also have an asmx web service running as a subapp in the same instance at https://[appname].cloudapp.net/WebService.

The root site is protected with passive ADFS authentication. Since the web service inherits settings from the root application's web.config, it is also protected.

My problem is that when I make web service calls, the FedAuth cookie is not getting passed along to the web service and I always receive the STS login page as a response from the web service.

How can I make use of the FedAuth cookie retrieved from signing into the root app to authenticate my web service calls?

Was it helpful?

Solution

You should make the web service anonymous and handle a different type of authentication (assuming the service needs to be secured). You cant "pass" the FedAuth cookie because that lives in the browser. So unless you do the Web service call from the browser using ajax you wont be able to do it. One thing you could do is passing the original ADFS SAML token to the web service and validate it, but that wont be trivial in asmx.

<location path="WebService">
    <authorization>
        <allow users="*" />
    </authorization>
 </location>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top