IIS module and WCF | ansaurus

tags:

views:

21

answers:

1

+2 Q:

IIS module and WCF

I have written an IIS module (base IHttpModule) that does some custom (OpenAuth) authentication before preceding to my WCF REST service. I have extended GenericPrincipal to track my user, with an IIdentity, and set the context.User field to my new principal: application.context.User = principal

However, when I receive the context in WCF (next step down the pipeline), the User shows up as a "default" unauthenticated WindowsPrincipal (not the GenericPrincipal that i set).

I see lots of stuff on the net about making this work (including aspNetCompatibilityEnabled="true" for serviceHostingEnvironment, playing with OperationContext, etc...) But nothing I have tried seems to work.

Two questions:

Is there a way to get this to work (or am I just barking up the wrong tree here).
What would be the canonical way to do this, or maybe the more "WCF" way to handle this custom authentication.

Thanks

A:

You have to set your principal identity during the authorization phase in WCF. This requires a custom Authorization Policy. I suggest you read this article for more info. I've not tried to do this with a custom HttpModule and REST, but I have successfully done so with the default authentication schemes.

Randolpho 2010-08-04 18:54:28

related questions

How do I write Firefox add-on that automatically enters proxy passwords?

Login Integration in PHP

Strange Rails Authentication Issue

Concurrent logins in a web farm

Is there a browser equivalent to IE's ClearAuthenticationCache?

How can I authenticate using client credentials in WCF just once?

Why can't I connect to my CAS server with Perl's AuthCAS?

Best Solution For Authentication in Ruby on Rails

Authenticate on an ASP.Net Forms Authorization website from a console app

How do I use NTLM authentication with Active Directory

What have you used Windows CardSpace for, if anything

Forms Authentication across Applications

Retreiving the PC Name of a Client? (Windows Auth)

How would you implement FORM based authentication without a backing database?

What's the best way to authenticate over WCF?

Only accepting certain ajax requests from authenticated users

OpenID authentication in Ruby on Rails

OpenID Attribute Exchange - should I use it?

OpenID: which provider should I recommend to my users?

What to use for login ID?

ASP.NET authentication: user name Vs User ID

How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS

How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?

Checklist for IIS 6/ASP.NET Windows Authentication?

The Definitive Guide To Website Authentication