views:

46

answers:

0

Hi All,

I did the walkthrough here. I'm trying to Authenticate a user on the first call into a service and then each subsequent call, verify that the user is authenticated, and call a method. I'm having all kinds of trouble. CurrentUser.Identity.IsAuthenticated always seems to be false. On Application_AuthenticateRequest I run this...

if (!(HttpContext.Current.User == null))
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (HttpContext.Current.User.Identity.GetType() == typeof(FormsIdentity))
                {
                    FormsIdentity fi = (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket fat = fi.Ticket;

                    String[] astrRoles = fat.UserData.Split('|');
                    HttpContext.Current.User = new GenericPrincipal(fi, astrRoles);
                }
            }
            else
            {
                Authenticate();
            }
        }
        else
        {
            Authenticate();
        }

And the Authenticate method does this....

private void Authenticate()
    {

        var proxy = ATISAuthProxy.ATISAuthenticationService;
        using (new OperationContextScope(proxy))
        {
            try
            {
                var config = (ATISExternalSettings)ConfigurationManager.GetSection("ATISExternalSettings");
                if (config != null)
                {
                    bool isAuthenticated = proxy.Login(config.UserName, config.Password, null, true);
                    if (isAuthenticated)
                    {
                        CookieContainer cookieContainer = CookieContainerManager.GetCookies(OperationContext.Current);
                        if (HttpContext.Current != null && HttpContext.Current.Session != null)
                        {
                            HttpContext.Current.Session[ATIS_COOKIE_CONTAINER] = cookieContainer;
                        }

                    }
                }
            }
            catch (EndpointNotFoundException enfe)
            {
                log.Info(enfe.Message);
                if (enfe.InnerException != null && enfe.InnerException.Message != null)
                {
                    log.Info(enfe.InnerException.Message);
                }
                return;

            }


        }


    }

The Session is always null so I never get to set the cookieContainer...

I was trying to inject the cookieContainer into the next request, so the user would already be authenticated. The doesn't seem to be a good way to do this....

 private void InjectCookieContainerIntoRequest(OperationContext context)
    {
        if (Session[ATIS_COOKIE_CONTAINER] != null)
        {
            var cookieContainer = Session[ATIS_COOKIE_CONTAINER] as CookieContainer;
            if(cookieContainer != null)
            {
                CookieContainerManager.SetCookies(context, cookieContainer);
            }

        }
    }

Does anyone know how the best practices to do what I'm trying to do. The requirement is to Authenticate the first call, then just verify the current user is Authenticated and just call the next method. I realize WCF services are stateless by nature, I'm just trying to tack on the cookieContainer to each request. What am I doing wrong, or what can I do better.

Thanks for any tips,
~ck