How to authenticate user while calling WCF service using AJAX?

Question

I have a WCF service which needs to be called from client side(ajax call). I want to use ScriptManager on ASPX page to add a ServiceReference to the WCF service (or) JQuery ajax

Answer 1

I'm not sure if this will help but I placed a layer between my WCF and webapp. I'd make an AJAX servicereference call to a local asmx. This came under the protection of the forms authentication ticket. The asmx would then do any further security checks (if that specific user making the call was allowed to request that data or shape the data based on the user) and then forward the call on to my WCF service.

This way my service layer did not need to know about the users for each app accessing it and only had a concern for delivery of requested data.

The asmx webservice took the responsibility of security.

Then I made the WCF hosted in IIS using WAS and only allowed Windows Auth access for the identity that the webapp app pool was running as.

So:

ASPX -> ASMX WebService -> WCF

I think that would give you the control/separation and security you are asking for?