Hello Robert, i never used WCF but in web applications when this mistake happen is because someone forget put in the web.config this key
<customErrors mode="Off"></customErrors> the position for this tag is <system.web> .. .. .. <customErrors mode="Off"></customErrors> </system.web> cheers 2011/1/24 Robert M. <[email protected]> > I am trying to implement custom basic authentication for a WCF service > using my own custom credentials validator. My first attempt was to create > a IServiceBehavior behaviour and register it with the container. The service > behaviour registered my BasicAuthenticationInspector > (implementing IDispatchMessageInspector) as message inspector for all > endpoints. In BasicAuthenticationInspector, I overrode AfterReceiveRequest > and tried to perform credentials validation from there: > > public object AfterReceiveRequest(ref Message request, IClientChannel > channel, InstanceContext instanceContext) > { > var authentication = new BasicAuthentication(MessageProperty.Headers); > if (!authentication.Authenticate(new > CustomUsernamePasswordValidator())) > throw new BasicUnauthorizedException("My Realm"); > > var identity = new GenericIdentity(authentication.Username); > OperationContext.Current.SetupSecurityContext(new > IdentityAuthorizationPolicy(identity)); > return null; > } > > > Everything works if the request contains valid credentials, but > when BasicUnauthorizedException is thrown the exception is not caught by the > global IErrorHandler in order to be translated into a Unauthorized http > status code. The caller receives a 500 error, instead. It seems that > IErrorHandler implementor is not called due to the fact that message > inspectors are ran too early in request lifecycle and further processing is > not done anymore in case of an exception. > > WCFFacility is a real asset here due to the way it applies behaviours and I > would like to leverage a solution based on it. > > My question would be if you can think of a better place where to hook in > WCF processing pipeline and perform my custom basic authentication or if you > know a working example somewhere using the wcf facility? > > -- > You received this message because you are subscribed to the Google Groups > "Castle Project Users" group. > To post to this group, send email to [email protected] > . > To unsubscribe from this group, send email to > [email protected]<castle-project-users%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/castle-project-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Castle Project Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/castle-project-users?hl=en.
