Securing WCF in a DNN Architecture

Dec 21, 2010 at 5:32 AM

Joe, thanks for putting this together. There's not a lot of information or examples out there on securing web services in a DNN architecture. I know some developers have resorted to copying some core DNN code and weaving it into their module, but I know there has to be a better way.

We're looking at doing more lightweight AJAX (jQuery/json2.js - not the bloated MS libraries) development within DNN. The challenge has been finding an easy way to secure these web services, since they are designed for logged-in users.

I see your system is checking a token to see what userid, portalid, etc. belong to a user.

And it appears that a username and password are sent and a token is returned.

However, in our use, using cookies the same way the DNN core does would be preferred. We can't ask a user to log in twice just so we can use AJAX securely on a page. How can we use DNN's own security architecture with our web services since we can already read the cookie?

I have a similar thread on the Forums:

http://www.dotnetnuke.com/Resources/Forums/tabid/795/forumid/160/postid/400984/scope/posts/Default.aspx#400984