Hi
I have a service that uses a custom "UserNamePasswordValidator" and need to save the validated user object to be able to retrieve it later in the service. How can I do this? Or how can I access the credentials of the user later in the service?
/Viktor
The short answer is that the most correct option is to create an IPrincipal instance that represents the authenticated user and put it on Thread.CurrentPrincipal.
All code running on the same thread later in the service will be able to access the authenticated user through Thread.CurrentPrincipal.
This is the standard way of dealing with authenticated users in .NET (and therefore also in WCF).
It isn't that simple. The problem is that the custom UserNamePasswordValidator gets called before the AuthorizationPolicy.Evaluate() and somewhere in between, WCF initializes Thread.CurrentPrincipal itself. I've tried setting it inside the password validator but it doesn't work, it gets clobbered immediately after by WCF when the initial principal is created. The only way I can make it work is if I wait and set Thread.CurrentPrincipal in the AuthorizationPolicy.Evaluate() method.
I would like to hear a WCF guru explain this because I see so many WCF beginners having the same issue with this and I see it as a flaw in the WCF design.