
I have defined my own ServiceCredentials provider:

class PasswordServiceCredentials : ServiceCredentials
{
}

That provider generates a custom SecurityTokenManager in the CreateSecurityTokenManager() method when I start my ServiceHost:

public override SecurityTokenManager CreateSecurityTokenManager()
{
    if (this.UserNameAuthentication.UserNamePasswordValidationMode == UserNamePasswordValidationMode.Custom)
    {
        return new PasswordSecurityTokenManager(this);
    }

    return base.CreateSecurityTokenManager();
}

The PasswordSecurityTokenManager class:

class PasswordSecurityTokenManager : ServiceCredentialsSecurityTokenManager
{
}

The instance generates a custom SecurityTokenAuthenticator in the CreateSecurityTokenAuthenticator() method:

public override SecurityTokenAuthenticator CreateSecurityTokenAuthenticator(SecurityTokenRequirement tokenRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    outOfBandTokenResolver = null;

    return new PasswordSecurityTokenAuthenticator(this.ServiceCredentials
                                                      .UserNameAuthentication
                                                      .CustomUserNamePasswordValidator);
}

The generated instance is a custom CustomUserNameSecurityTokenAuthenticator.

The problem is that the overridden ValidateUserNamePasswordCore() method is NOT CALLED at any time:

protected override ReadOnlyCollection<IAuthorizationPolicy> ValidateUserNamePasswordCore(String userName, String password)
{
    ReadOnlyCollection<IAuthorizationPolicy> currentPolicies = base.ValidateUserNamePasswordCore(userName, password);

    List<IAuthorizationPolicy> newPolicies = new List<IAuthorizationPolicy>();
    if (currentPolicies != null)
    {
        newPolicies.AddRange(currentPolicies.OfType<IAuthorizationPolicy>());
    }

    newPolicies.Add(new PasswordAuthorizationPolicy(userName, password));

    return newPolicies.AsReadOnly();
}

In my custom IAuthorizationPolicy provider PasswordAuthorizationPolicy I want to set a custom principal for the EvaluationContext in the Evaluate() method.

But if the method above is not called, no additional IAuthorizationPolicy item can be defined.

What is wrong or missing here?

I DO NOT use XML to configure my service, I do this 100% in C# code!

EDIT: The code is based on the following blog article: http://www.neovolve.com/post/2008/04/07/wcf-security-getting-the-password-of-the-user.aspx

1 Answer


OK, I'm only asking because you never mentioned anything about your config file in your post, but are you setting your serviceCredentials type in your serviceBehaviors? Example:

<behaviors>
   <serviceBehaviors>
     <behavior name="YourCustomBehavior">
       <serviceDebug includeExceptionDetailInFaults="true" />
       <serviceCredentials type="Your.Namespace.PasswordServiceCredentials, Your.Namespace">
         <serviceCertificate findValue="localhost" x509FindType="FindBySubjectName" />
         <userNameAuthentication userNamePasswordValidationMode="Custom" />
       </serviceCredentials>
       <serviceAuthorization principalPermissionMode="Custom" />
     </behavior>
   </serviceBehaviors>
 </behaviors> 

And if you are, are you referencing "YourCustomBehavior" in your behaviorConfiguration on your service node? Example:

<services>
   <service behaviorConfiguration="YourCustomBehavior"
    name="Your.Service.Namespace.YourService">
     <endpoint address="net.tcp://..."
      binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig"
      contract="Your.Service.Interface.Namespace.IYourService" />
   </service>
 </services> 

It might be as obvious as that.




Glorfindel
saml
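
The answer's XML expressed in C#, since the question configures the host entirely in code. This is an added example, not code from either post: `CredentialWiring` and `UseCustomCredentials` are hypothetical names, and `custom` is assumed to be an instance of the question's `PasswordServiceCredentials`.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

static class CredentialWiring
{
    // Hypothetical helper (not from the post): code equivalent of the
    // <serviceCredentials type="..."> and <serviceAuthorization> elements.
    public static void UseCustomCredentials(ServiceHost host,
                                            ServiceCredentials custom,
                                            UserNamePasswordValidator validator)
    {
        // Behaviors are applied when the host opens, so wire them up first.
        if (host.State != CommunicationState.Created)
            throw new InvalidOperationException("Configure the host before Open().");

        // Drop any default ServiceCredentials instance so that only the
        // custom type is present to supply the SecurityTokenManager.
        host.Description.Behaviors.Remove<ServiceCredentials>();

        // <serviceCertificate findValue="localhost"
        //                     x509FindType="FindBySubjectName" />
        custom.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, "localhost");

        // <userNameAuthentication userNamePasswordValidationMode="Custom" />
        custom.UserNameAuthentication.UserNamePasswordValidationMode =
            UserNamePasswordValidationMode.Custom;
        custom.UserNameAuthentication.CustomUserNamePasswordValidator = validator;
        host.Description.Behaviors.Add(custom);

        // <serviceAuthorization principalPermissionMode="Custom" />
        host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;

        // Check: the credentials behavior found on the host must be the
        // custom instance, otherwise the stock token manager is used.
        if (!ReferenceEquals(
                host.Description.Behaviors.Find<ServiceCredentials>(), custom))
            throw new InvalidOperationException("Custom ServiceCredentials not in effect.");
    }
}
```

Call it after constructing the `ServiceHost` and before `host.Open()`.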