R – ASP.NET Membership – Is authenticated user lost when you call a WebService in the same WebApp

asp.netasp.net-membershipforms-authenticationwcfweb services

I am using the ASP.NET Login Control for authentication.

I have some users and they are able to login successfully. When authenticated I redirect to a page helloworld.aspx. In the Page_Load method I first make a call to Membership.GetUser(). This returns the authenticated user properly. I then make a call to a simple WCF web service that resides in the same WebApplication. The first line of my WebService call's the same Membership.GetUser(). This time though it returns NULL.

Any thoughts?

Thanks,
Justin

Here is some code snippets

JustinPage.aspx

public partial class JustinPage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        MembershipUser user = Membership.GetUser();
        // user is a valid user

        JustinService.JustinTestServiceClient justin = new CMS.WEB.JustinService.JustinTestServiceClient();
        justin.DoWork();
    }
}

JustinTestService.svc.cs

[ServiceContract(Namespace = "")]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class JustinTestService
{
    [OperationContract]
    public void DoWork()
    {
        MembershipUser user = Membership.GetUser();
        // user is NULL ???  Why?
        return;
    }
}

As mentioned earlier the Service source code is in the Same WebApplication as Justin.aspx as you can see by the endpoint (note my app is fixed on port 19003)…

endpoint address="http://localhost:19003/Services/JustinTestService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_JustinTestService"
contract="JustinService.JustinTestService" name="BasicHttpBinding_JustinTestService" /

Also the binding looks like this…

<binding name="BasicHttpBinding_JustinTestService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">

</security>
</binding>

Maybe it has something to do with the <security mode="None"> ???

Best Answer

The problem is that the web service call is not originating from the browser, where the user authenticated. Instead, you are originating the web service call from your application (your web server is creating an HTTP request to your web server!).

Related Topic