I am trying to implement custom basic authentication for a WCF service using
my own custom credentials validator. My first attempt was to create
a IServiceBehavior behaviour and register it with the container. The service
behaviour registered my BasicAuthenticationInspector
(implementing IDispatchMessageInspector) as message inspector for all
endpoints. In BasicAuthenticationInspector, I overrode AfterReceiveRequest
and tried to perform credentials validation from there:
public object AfterReceiveRequest(ref Message request, IClientChannel
channel, InstanceContext instanceContext)
{
var authentication = new BasicAuthentication(MessageProperty.Headers);
if (!authentication.Authenticate(new CustomUsernamePasswordValidator()))
throw new BasicUnauthorizedException("My Realm");
var identity = new GenericIdentity(authentication.Username);
OperationContext.Current.SetupSecurityContext(new
IdentityAuthorizationPolicy(identity));
return null;
}
Everything works if the request contains valid credentials, but
when BasicUnauthorizedException is thrown the exception is not caught by the
global IErrorHandler in order to be translated into a Unauthorized http
status code. The caller receives a 500 error, instead. It seems that
IErrorHandler implementor is not called due to the fact that message
inspectors are ran too early in request lifecycle and further processing is
not done anymore in case of an exception.
WCFFacility is a real asset here due to the way it applies behaviours and I
would like to leverage a solution based on it.
My question would be if you can think of a better place where to hook in WCF
processing pipeline and perform my custom basic authentication or if you
know a working example somewhere using the wcf facility?
--
You received this message because you are subscribed to the Google Groups
"Castle Project Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/castle-project-users?hl=en.
