I have a set of WCF services with AspNetCompatibility enabled and consume them from jQuery. My web application requires authentication. Using only logic here (as I lack enough knowledge) does that mean WCF will be accessible and limited only to currently logged users? 开发者_如何学编程I know one can catch communication data and try to reuse it later (I don't have ssl) but for that he should be logged in.
Right, wrong or just stupid in my own optimism?
Yes, because you have ASP.NET compatibility enabled and because you're using ASP.NET security, as long as you have the proper <authorization>
setting for the WCF resource it should be secured by ASP.NET security. At bare minimum this means you should have authorization defined as follows on the WCF resource:
<authorization>
<deny users="?" /> <!-- deny all anonymous users -->
<allow users="*" /> <!-- allow all authenticated users -->
</authorization>
Only if you allowed "*" would your WCF service be inaccessible to non-authenticated users.
You can read more about this here in this MSDN article under the section titled Hosting WCF Services in ASP.NET Compatibility Mode.
精彩评论