i am developing an applications which uses ASP.Net MVC 4 (.Net 4.5) and self-hosted websockets. For the user-handling and login-process i use the default asp.net mvc formauthentication system.
Does any one have an idea, how to share the login-session between the IIS (ASP.Net MVC) and the Windows service?
Thank you!
If you have several applications that all require same user to be logged in, then you need to implement a security pattern called Single Sign-On (SSO).
This requires that you have a centralized place where your authentication is done, and that place is called Security Token Service (STS) or Identity Provider (IdP).
When user attempts to access either your MVC application or your websocket endpoints, your authentication logic in application must redirect him to STS. STS will then require credentials, and based on those it will issue a Security Token. Client will then return to application that has caused a redirect and carry token with it. That token can then be used on any other application in your realm and as long as it is valid (not expired), security session is valid/shared on all your applications.
I'd suggest that you read about Windows Identity Foundation (WIF) 4.5 and SSO patterns, as some of the things mentioned above come out-of-the-box with WIF.
