I am trying to solve a problem where I have a WCF system for which I have built a custom host, factory host, instance providers and service behaviors to do authentication and dependency injection.
However, I have come up with a problem at the authorisation level, as I would like to do authorisation at the level of the method being called. For example:
```csharp
[OperationContract]
[WebGet(UriTemplate = "/{ConstituentNumber}/")]
public Constituent GetConstituent(string ConstituentNumber)
{
    Authorisation.Factory.Instance.IsAuthorised(MethodBase.GetCurrentMethod().Name, WebOperationContext.Current.IncomingRequest.Headers["Authorization"]);
    return constituentSoapService.GetConstituentDetails(ConstituentNumber);
}
```
Basically, I now have to copy the call to `IsAuthorised` across every web method I have. This has two problems.
- It is not very testable. I have extracted the dependencies as best I can, but this setup means that I have to mock out calls to the database and calls to the `WebOperationContext`.
- I have to copy that method over and over again.
What I would like to know is: is there a spot in the WCF pipeline that enables me to know which method is about to be called, execute the authorisation request, and then execute the method based on the true/false value of the authorisation response?
Even better if I can build an attribute that will say how to evaluate the method.