Populating the PrimaryIdentity in WCF

Question

Hi, I'm using simple HTTP headers to pass a token to a WCF service for authentication (The WCF service is required to use the basicHTTPBinding, so I unfortunately cannot use the canned ws-security implementation). I would like to populate the PrimaryIdentity object so the WCF services can examine it to determine the authenticated user.

The issue is that the OperationContext.Current.ServiceSecurityContext.PrimaryIdentity property is read-only at the time I'm trying to populate it. I've tried using SecurityTokenAuthenticators and IAuthorizationPolicy objects to set the identity info, but that route seems to require the use of message-level security (such as always sending in a username and password), which isn't what I want.

Can anyone shed light on how I could set the PrimaryIdentity field?

Answer 1

PrimaryIdentity is not intended to be populated by you - it's the WCF runtime's job to determine who's calling, and set the PrimaryIdentity accordingly.

So if you're calling with Windows credentials, then you'll get a WindowsIdentity stored there; if you're using ASP.NET membership providers, you'll get that caller stored into the PrimaryIdentity.

The only way you could actually set this is by creating your own custom server-side authentication mechanism and plug that into WCF.

See:

• WCF Authentication Service Overview
• Fundamentals of WCF Security - Authentication, Authorization, Identities
• WCF Custom Authentication and Impersonation