I am currently writing a WCF service that will use ASP.NET Identity to perform all membership and claims related stuff. (That is, authentication, registration, and all will be performed by calling this WCF)
[DataContract(IsReference=true)]
public class ApplicationUser: IdentityUser
{
[DataMember]
public string FirstName { get; set; }
[DataMember]
public string LastName { get; set; }
[DataMember]
public string Email { get; set; }
}
The problem is that "IdentityUser" is a class in Microsoft.Aspnet.Identity.Core.Entityframework assembly, and this class is not marked with DataContract attribute. I am writing an operation in my WCF service to return ApplicationUser to the calling website.
Any idea of how to achieve this?
Create a data transfer object (DTO) that has a data contract that has the same properties as the ApplicationUser class. You will have to do a transformation from your DTO to the ApplicationUser, and the other way. Use AutoMapper to do the transformation.
Personally I do not see any real benefit of putting security behind a WCF web service. A network hop and serialization/deserialization on every authorization is really going to dog your web application.
It is a good idea to separate it into a different layer, but that layer does not have be to be a web service. Take a look at SimpleSecurity. It provides a layer over ASP.NET Identity and demonstrates how to customize it for email confirmation and other enhanced functionality. Your authorization functionality is not a good item to distribute because it is hit for every request from the web client.