Geek asks and answers

Anonymous access with WIF

After carefully searching for the answer to SO, I have to ask my first question this time!

Here:
I have a Windows Forms application that uses dozens of WCF services to handle all of the business logic. WIF is implemented on each individual WCF service, and users are authenticated using Basic UserName authentication.
Everything works well, except for the Ping () method that we have.
Before WIF was implemented, we used to call each WCF service using the dummy Ping () method during the splash screen to ensure that the service was started, but now the user cannot access this method since it is not registered yet.

Is there a way to distinguish between proven and anonymous methods in a service that implements WIF? I believe not, so I would like to know if an anonymous token can be issued by STS?

I'm pretty much out of ideas right now, so any help or just hints will be very appreciated :)

+3
source share
1 answer

Depending on your configuration, you can create a set of services in a specific folder on your site, and then add a custom configuration to this place, which does not include authentication and session modules.

As an example:

<location path="AnonymousServices">
    <system.webServer>
        <modules>
            <remove name="WSFederationAuthenticationModule" />
            <remove name="SessionAuthenticationModule" />
        </modules>
    </system.webServer>
</location>

I have not tried this in practice, but it should work.

+1
source

More articles:


All Articles