How to: Use Non-default Membership Provider for WCF Authentication Service
This topic shows how to programmatically select the membership provider when you call the ASP.NET authentication service by using Windows Communication Foundation (WCF). You can use a non-default membership provider when you have to authenticate users by using different membership providers, based on information that you get at run time. To authenticate through a non-default membership provider, you create an event handler for the Authenticating event.
You use WCF for the authentication service to log on a user from a client application that can send and consume a SOAP 1.1 message, such as a Java application. The client application can authenticate the user by using the same user credentials as an ASP.NET Web application.
To authenticate using non-default membership provider
Create and configure the membership provider you want to use.
For more information, see Implementing a Membership Provider and Configuring an ASP.NET Application to Use Membership.
In the Global.asax file, create an event handler for the Authenticating event and add code that authenticates user credentials by calling the custom membership provider.
The following example shows a handler for the Authenticating event that authenticates credentials by using the providers named ContosoSqlProvider, FabrikamSqlProvider, or the default membership provider. The user credentials are stored in different databases based on the type of user. The event handler determines which provider to use based on the e-mail address that is provided as the user name.
Sub AuthenticationService_Authenticating _ (ByVal sender As Object, _ ByVal e As System.Web.ApplicationServices.AuthenticatingEventArgs) If (e.Username.IndexOf("@contoso.com") >= 0) Then e.Authenticated = Membership.Providers("ContosoSqlProvider").ValidateUser(e.Username, e.Password) ElseIf (e.Username.IndexOf("@fabrikam.com") >= 0) Then e.Authenticated = Membership.Providers("FabrikamSqlProvider").ValidateUser(e.Username, e.Password) Else e.Authenticated = Membership.Provider.ValidateUser(e.Username, e.Password) End If e.AuthenticationIsComplete = True End Subvoid AuthenticationService_Authenticating(object sender, System.Web.ApplicationServices.AuthenticatingEventArgs e) { if (e.UserName.IndexOf("@contoso.com") >= 0) { e.Authenticated = Membership.Providers["ContosoSqlProvider"].ValidateUser(e.UserName, e.Password); } else if (e.UserName.IndexOf("@fabrikam.com") >= 0) { e.Authenticated = Membership.Providers["FabrikamSqlProvider"].ValidateUser(e.UserName, e.Password); } else { e.Authenticated = Membership.Provider.ValidateUser(e.UserName, e.Password); } e.AuthenticationIsComplete = true; }In the Application_Start method of the Global.asax file, bind the event handler for the Authenticating event.
The following example shows how to bind a handler to the Authenticating event.
Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs) AddHandler System.Web.ApplicationServices.AuthenticationService.Authenticating, _ AddressOf Me.AuthenticationService_Authenticating End Subvoid Application_Start(object sender, EventArgs e) { System.Web.ApplicationServices.AuthenticationService.Authenticating += new EventHandler<System.Web.ApplicationServices.AuthenticatingEventArgs>(AuthenticationService_Authenticating); }Call the authentication service from an application that can read and consume a SOAP 1.1 message.
Compiling the Code
You must set up the authentication service on a Web server for the previous examples to work. For more information, see How to: Enable the WCF Authentication Service.
Security
Always access the authentication service by using the Secure Sockets Layer (SSL), using HTTPS protocol.
See Also
Concepts
Windows Communication Foundation Authentication Service Overview