469,621 Members | 2,244 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,621 developers. It's quick & easy.

Passing authenticated identities between tiers in a distributed ap

I’m working on the architecture of a distributed (multi-tier) application,
which is going to be created using Microsoft .NET technologies. I’d like my
Presentation layer (ASP.NET Web Application) communicate with the Business
layer through a Service Interface component (ASP.NET Web Service or a WCF
Service). The Service Interface is expected to be accessed not only
internally by the Presentation layer but also by external systems (it plays
the roles of both internal and external interfaces).

I’m going to use ASP.NET 2.0 Membership for authentication in the
Presentation layer and to use it also in the Service Interface component for
authenticating the calls coming from external systems. In this scenario, when
the Presentation layer component (ASP.NET application) calls the Service
Interface component, is it possible somehow to pass a sort of a token or
authentication ticket from the Presentation layer to the Service Interface
component in order to avoid additional authentication of a user at the
Service Interface layer, since the user was already successfully
authenticated at the Presentation layer?

What are the possible solutions, in general, if I want to make a Service
Interface component authenticate calls coming from external systems, but not
the calls coming from the Presentation layer (in this case I need the user
identity to be passed to the Service Interface from the Presentation layer
without additional authentication)?

Any suggestions and opinions are welcome. Thank you.
Apr 3 '06 #1
0 1082

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

10 posts views Thread by Noozer | last post: by
3 posts views Thread by Simon Harvey | last post: by
3 posts views Thread by Curious | last post: by
46 posts views Thread by ahmed.maryam | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.