Setting the Identity/Principal from a MessageInspector in WCF

views:

131

answers:

+3 Q:

Setting the Identity/Principal from a MessageInspector in WCF

I am developing a WCF service that receives the user's credentials in the SOAP header. These credentials are read on the server side using a MessageInspector. So far so good.

I want to set the Thread.CurrentPrincipal to a custom principal (CustomPrincipal), but when I do this from the MessageInspector, it gets overridden by the time the service is invoked. When is the best time to set the principal? Also what is the best way to pass the principal, identity or credentials from the inspector to that location?

+1 A:

IIRC, to do this you need to set the principal permission mode to "custom" and use an authorization policy, like so. As far as I know, the call to IAuthorizationPolicy.Evaluate is the only place it is expecting you to set a principal, and when I tried this without using IAuthorizationPolicy it discarded my principal (which makes sense, since there is no guarantee that WCF will use the same thread at each point in the pipeline).

Marc Gravell 2010-03-30 05:26:59

Where does the IIdentity get set into the EvaluationContext? I need to figure out what credentials are passed in the header.

Robert Wagner 2010-03-30 05:32:52

@Robert - I'm sorry, it has been literally years since I last did this; I don't remember.

Marc Gravell 2010-03-30 06:12:34

Just a note, if you are hosting the WCF services within IIS, you can enable the aspnetcompatibility behavior for your service. In that case you can set HttpConext.Current.User to the user you just authenticated within your message inspector.

codemeit 2010-03-30 06:10:38

Rory has a post that describes a solution to this problem. http://www.neovolve.com/post/2008/04/07/wcf-security-getting-the-password-of-the-user.aspx

An Phu 2010-08-06 11:14:14

ansaurus

tags:

views:

answers:

Setting the Identity/Principal from a MessageInspector in WCF

related questions