Retrieving the currently authenticated user in a WCF service.

Question

Today, I implemented a custom authentication provider for my WCF service. It is able to determine if my user is valid or not, just as expected.

So, now I have this class:

public class MyCustomValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        User apiUser = User.Login(userName, password);

        // other logic goes here.
    }
}

The behaviour of my application depends on what objects the User can access. So, how can I get my User object from here to my service class? There is no immediately obvious way that I can see, as my service class does not inherit from anything by default, unlike the ASP.NET controllers.

My first instinct is to set up a static parameter in MyCustomValidator and then read it from there, but I suspect that a race condition could occur. Can anyone confirm or deny my suspicions?

And most importantly: Is there a better way to do this? This is the first time I have ever used WCF, so I'm not aware of the best practices involved here.

Thank you for your time.

Answer 1

You want to pass some data from validator to service instance. It is bad because you can't do it. UserNamePasswordValidator is only for validating credentials (user name and password). You don't have access to anything from your validator. It even doesn't see current operation context because it runs in different thread. Using static parameter is not a sloution - as you mentioned it is race condition.

I think you need to implement custom authentication and authorization and it is not easy: WCF Authorizaton, Custom Authorization, Custom credentials and validation