Hi gang,
I've been working through various samples to try and piece together a solution for SAML token-based authentication for ASP.Net web services and WCF RESTful web services... some of the samples I've been referencing:
- http://custombasicauth.codeplex.com/Wikipage
- http://www.leastprivilege.com/SecuringWCFDataServicesUsingWIF.aspx
- http://weblogs.asp.net/cibrax/archive/2010/02/17/a-good-way-to-handle-claim-based-security-in-restful-services.aspx
- etc...
I've been battling my way through each roadblock, and I'm so close I can taste it. The latest block that's got me is this:
If I use the regular WebServiceHostFactory, the custom authorization policies are applied and Thread.CurrentPrincipal ends up taking the value that my HttpModule set for HttpContext.Current.User... but... if I use the WebServiceHost2Factory (i.e. from the REST Starter Kit) to gain the auto help endpoint, etc..., then the auth policies aren't applied, and the Thread.CurrentPrincipal ends up being an instance of RoleProviderPrincipal in no way related to the ClaimsPrincipal I set in the HttpModule.. :-(
Any thoughts, ideas how to get the WebServiceHost2Factory to play nice with the custom / overridden principal?
Thanks,
Tyler