We were working on a huge application for a huge customer, we were really near to the first staging release and a requirement dramatically changed the shape…
The application is composed of two main parts: a SharePoint application and a set of WCF services that provides data to a SharePoint web part via JQuery/Ajax requests.
The main point was that the 2 parts are hosted in different web applications because SharePoint must run on .Net 3.5 and the other application requires .net 4.0, so the “pain point” is authentication, how can we authenticate calls coming from the SharePoint web page?
Using forms authentication on both ends and sharing the same machine key gave us single sign on, once the user is authenticated by SharePoint the forms authentication cookie will be sent by JQuery to WCF services and the user can be trusted even here using the membership API. So far, so good.
In the development environment, due to lack of time (grrrr…), the SharePoint guys used to deploy the SharePoint application using Windows Authentication…bad thing…and when it comes to the first integration between the to environments the SharePoint guys told us that they cannot switch so easily to Claim Based Authentication due to some problems they are facing (problems that I’m not aware of).
The first deploy in the customer staging environment was really near and not being able to switch means that we cannot deploy, period.
The requirement rapidly changed and the management asked us if we can change the authentication architecture of the WCF services, basically introducing a mixed mode authentication based on the endpoint, under pressure the first reaction was simply: no, it’s impossible.
Walking helps me think, I love walking around the office, for me it’s the best way to work. That evening I left the office thinking to the problem and walking to the railway station reduced the pressure…lighting the lamp.
The day after it took two hours of fights with the WCF configuration files and no changes at all in the codebase to support the new requirement, no changes to the codebase, cool, really cool.
The lesson learned is (well are):
- do all what you can to avoid pressure, it’s a waste;
- WCF extensibility and flexibility is pure power;