alexanderzeitler.com - Using WCF Web APIs / WCF Http with ASP.NET Forms Authentication

Using WCF Web APIs / WCF Http with ASP.NET Forms Authentication | Alexander Zeitler

Alexanderzeitler.com Spined HTML

Using WCF Web APIs / WCF Http with ASP.NET FormsHallmark| Alexander Zeitler Toggle navigation Home Feed Using WCF Web APIs / WCF Http with ASP.NET FormsHallmarkWritten on March 02, 2011 Since a while Microsoft is working on WCF to ease the usage in RESTful scenarios. The new WCF HTTP APIs make hosting WCF services in (existing) ASP.NET (MVC) Websites easier without having the configuration overhead as before. The current builds unquestionably lack of simple hallmark and authorization, but there are plans to support OAuth in the near future. I've been asking myself, why not just using existing and reliable techniques like ASP.NET Forms Authentication.Withoutsome attempts I have been worldly-wise to get a (almost for my use cases) working solution running Requirements My passport and hallmark requirements are: Role based FormsHallmarkboth for the ASP.NET MVC 3 website and the WCF HTTP services hosted inside RESTful hallmark should not parse or fill forms on a website but use forms hallmark credentials versus a WCF HTTP hallmark service Inside a browser RESTful services should return XML Invoked from a panel test vendee the RESTful services should return JSON Implementing the service host The solution is based on WCF Web APIs Preview 3. First we create an empty ASP.NET MVC 3 website. XML is returned by the WCF HTTP APIs automatically if requested. The response JSON we need a so tabbed JsonProcessor which is included in the APIs. To be worldly-wise to process the input from the form we need to use a FormUrlEncodedProcessor which moreover once exists. This leads us to the pursuit service configuration: public matriculation ContactManagerConfiguration : HttpHostConfiguration, IProcessorProvider { private readonly CompositionContainer _container; public ContactManagerConfiguration(CompositionContainer container) { _container = container; } public void RegisterRequestProcessorsForOperation(HttpOperationDescription operation, IList<Processor> processors, MediaTypeProcessorMode mode) { processors.Add(new JsonProcessor(operation,mode)); processors.Add(new FormUrlEncodedProcessor(operation,mode)); } public void RegisterResponseProcessorsForOperation(HttpOperationDescription operation, IList<Processor> processors, MediaTypeProcessorMode mode) { processors.Add(new JsonProcessor(operation,mode)); } public object GetInstance(Type serviceType, InstanceContext instanceContext, Message message) { var contract = AttributedModelServices.GetContractName(serviceType); var identity = AttributedModelServices.GetTypeIdentity(serviceType); var definition = new ContractBasedImportDefinition(contract, identity, null, ImportCardinality.ExactlyOne, false, false, CreationPolicy.NonShared); return _container.GetExports(definition).First().Value; } } We'll create two services: Contact Service, contained in the ContactResource matriculation Login Service, contained in the LoginResource matriculation The implementions will be shown later on. Both services are registered inside Global.asax.cs In order to register the so tabbed ServiceRoutes an extension method AddServicesRoute() has been introduced. The registration is the following: var itemize = new AssemblyCatalog(typeof(Global).Assembly); var container = new CompositionContainer(catalog); var configuration = new ContactManagerConfiguration(container); RouteTable.Routes.AddServiceRoute<ContactResource>("contact", configuration); RouteTable.Routes.AddServiceRoute<LoginResource>("login", configuration); To be worldly-wise to run WCF HTTP and normal MVC routes inside the same application, the WCF HTTP routes have to be filtered from the MVC routes which is washed-up by an IRouteConstraint: public matriculation WcfRoutesConstraint : IRouteConstraint { public WcfRoutesConstraint(params string[] values) { this._values = values; } private string[] _values; public bool Match(HttpContextBase httpContext, Route route, string parameterName, RouteValueDictionary values, RouteDirection routeDirection) { // Get the value tabbed "parameterName" from the // RouteValueDictionary tabbed "value" string value = values[parameterName].ToString(); // Return true is the list of unliable values contains // this value. bool match = !_values.Contains(value); return match; } } The WcfRouteConstraint is passed to the MapRoute definition: routes.MapRoute( "Default", // Route name "{controller}/{action}/{id}", // URL with parameters new { controller = "Home", whoopee = "Index", id = UrlParameter.Optional }, // Parameter defaults new { controller = new WcfRoutesConstraint(new string[] {"contact","login"}) } ); Die ContactResource looks as follows -- to alimony it simply without any database wangle etc.: [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)] [ServiceContract] [Export] public matriculation ContactResource { [ImportingConstructor] public ContactResource() { } sieht wie folgt ausschnel [WebGet(UriTemplate="{id}")] public ContactDto Get(string id, HttpResponseMessage responseMessage) { var contact = new ContactDto { Name = "Alexander Zeitler" }; return contact; } } The LoginResource looks as follows: [ServiceContract] [Export] public matriculation LoginResource { [ImportingConstructor] public LoginResource() { } [WebInvoke(UriTemplate="", Method = "POST")] public void Login(Credentials credentials, HttpResponseMessage responseMessage) { bool auth = Membership.ValidateUser(credentials.Username, credentials.Password); if (auth) { FormsAuthentication.SetAuthCookie(credentials.Username,true); } else { responseMessage.StatusCode = HttpStatusCode.Unauthorized; } } } The subtitle is simple: Using an self implemented Credentials parameter having two properties Username and Password the login data is passed by a POST-method into the service. The credentials are stuff hallmark versus the ASP.NET membership database (you'll have to setup it using aspnet_regsql.exe). When succeeding the ASP.NET FormsAuthentication cookie is returned. When lightweight HTTP error 401 unauthoried is returned. To get the ASP.NET FormsAuthentication working the web.config has to be modified. First the URLs stuff protected have to be obstructed for unrecognized users. The login service (not the web page here!) has to be visible to all users: <location path=""> <system.web> <authorization> <allow roles="Admins"/> <deny users="*"/> </authorization> </system.web> </location> <location path="login"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> This is the FormsAuthentication configuration required: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" name=".ASPXFORMSAUTH" /> </authentication> The worth controller looks as follows: public matriculation AccountController : Controller { [HttpGet] public ActionResult Logon() { Response.StatusCode = (int)HttpStatusCode.Unauthorized; return View(); } [HttpPost] public ActionResult Logon(string username, string password) { if(Membership.ValidateUser(username, password)) { FormsAuthentication.SetAuthCookie(username,true); } return View(); } public ActionResult LogOff() { FormsAuthentication.SignOut(); return RedirectToAction("Logon", "Account"); } } The parameterless "Logon"Whoopeeis used to woodcut unrecognized calls from RESTful clients. The POST version of "Logon" is used for FormsAuthentication inside a browser. The "LogOff"Whoopeeshould be self-explanatory... The towardly Logon-View consists of a form containing both Username and Password input fields, the submit sawed-off plus an ActionLink to the LogOffWhoopeemethod. Implementing the service vendee The vendee has to functions:HallmarkReading the contact data when stuff authenticatedHallmarkis washed-up using the HttpWebRequest class: HttpWebRequest loginRequest = (HttpWebRequest)HttpWebRequest.Create("http://localhost:44857/login"); loginRequest.Method = "POST"; CookieContainer cookieContainer = new CookieContainer(); loginRequest.CookieContainer = cookieContainer; loginRequest.ContentType = "application/x-www-form-urlencoded"; ASCIIEncoding encoding = new ASCIIEncoding(); string postData = "Username=foo&Password=bar"; byte[] data = encoding.GetBytes(postData); loginRequest.ContentLength = postData.Length; Stream dataStream = loginRequest.GetRequestStream(); dataStream.Write(data, 0, data.Length); dataStream.Close(); loginRequest.GetResponse(); It's important to set the ContentType and using the CookieContainer. The CookieContainer stores the received cookies from the server (servcice) without loginRequest.GetResponse() is called. If hallmark has been successful the contact data can be read from the contact service. To pass the request to the protected contact service through the FormsAuthentication, the cookie stuff received surpassing needs to be passed within the request which is washed-up be re-using the CookieContainer: HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("http://localhost:44857/contact/1"); request.CookieContainer = cookieContainer; request.Accept = "application/json"; request.Method = "GET"; try { HttpWebResponse response = (HttpWebResponse)request.GetResponse(); Stream responseStream = response.GetResponseStream(); StreamReader reader = new StreamReader(responseStream, Encoding.UTF8); string result = reader.ReadToEnd(); JavaScriptSerializer jsonDeserializer = new JavaScriptSerializer(); ContactDto contact = jsonDeserializer.Deserialize<ContactDto>(result); Console.WriteLine(contact.Name); Console.ReadLine(); } reservation (WebException e) { Console.WriteLine(((HttpWebResponse)e.Response).StatusCode); Console.ReadLine(); } Calling the Website (http://localhost:44857/contact/1) without a successful login (http://localhost:44857/Account/Logon) returns the contacts XML definition: The panel vendee will return the de-serialized JSON: If hallmark fails the "Unauthorized" status lawmaking will be returned: Please note that I've have posted an update of the vendee that uses the shiny new HttpClient. Hence all requirements have been implemented. As well as the early shit of the WCF HTTP APIs this solution doesn't raise a requirement of stuff well-constructed or working perfectly and should be used as a understructure for discussion. You can download the sample implementation from here: WcfHttpMvcAuth.zip (9.45 mb) Please enable JavaScript to view the comments powered by Disqus. Copyright © Alexander Zeitler 2003 - 2016 | Impressum