4

In the constructor of my WCF service class I am setting the current principal to be that of the principal passed in the header of the message:

Thread.CurrentPrincipal = OperationContext.Current.IncomingMessageHeaders.GetHeader<BBPrincipal>("bbPrincipal", "ns");

This seems to work fine, however when I come to reference the principal in a method, the Thread.CurrentPrincipal has reverted to a WindowsPrincipal.

Presumably the method is firing on a different thread. How can I ensure that the method is using the principal set in the constructor of the service?

David Ward
  • You need to explain what is the goal you are trying to achieve. Do you want to run your service under a different account/impersonate? Of course the thread for processing the incoming request will be different from the one that created the service. – Aliostad Sep 20 '10 at 09:17
  • Where are you executing this code: "setting the current principal to be that of the principal passed in the header of the message" - I'm very interested because I have a similar problem. – Daniel James Bryars Aug 12 '14 at 03:23

2 Answers

8

I've just found the answer to my original question. In order to stop WCF overriding the principal with a blank one, set the following in the behavior configuration:

<serviceAuthorization principalPermissionMode="None" />

Simple as that and no need to make sweeping changes to the existing code base.

See: http://connect.microsoft.com/VisualStudio/feedback/details/369445/wcf-service-configured-for-transport-security-shouldnt-change-thread-currentprincipal

David Ward
  • I did the same, thank you! I tried setting the principal while validating the user credential (in a UserNamePasswordValidator) and can retrieve it in my services. Anyway I was wondering if you experienced some mysterious problem as everybody (and MS documentation) say: "set your principal in a custom authorization policy". Tnx again in advance. – Fabio Bonfante Sep 09 '12 at 18:15
4

WCF always sets the principal in AuthorizationPolicy so it probably overwrites your changes. You should implement a custom authorization policy and set the principal there.

Randy Burden
Ladislav Mrnka
  • +1 for principalPermissionMode="Custom". Another useful example of this is in the DotNetOpenAuth sample code for the [OAuthResourceServer](https://github.com/DotNetOpenAuth/DotNetOpenAuth/tree/master/samples/OAuthResourceServer/Code) – Dylan Hogg Oct 05 '12 at 06:15
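A custom authorization policy of the kind the second answer describes, as an added example that is not code from either poster or from the DotNetOpenAuth sample. The namespace, class name, role table and `LookupRoles` helper are hypothetical; the policy builds the principal from the identity WCF authenticated rather than from the `bbPrincipal` header, because header content is supplied by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security;
using System.Security.Principal;

// Registered in the service behavior (type and assembly names are hypothetical):
//   <serviceAuthorization principalPermissionMode="Custom">
//     <authorizationPolicies>
//       <add policyType="Example.PrincipalPolicy, Example" />
//     </authorizationPolicies>
//   </serviceAuthorization>
namespace Example
{
    public sealed class PrincipalPolicy : IAuthorizationPolicy
    {
        // Constructed sample data; a real service would query its own role store.
        private static readonly Dictionary<string, string[]> Roles =
            new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
            {
                { @"EXAMPLE\alice", new[] { "Admin" } }
            };
        private readonly string id = Guid.NewGuid().ToString();

        public string Id { get { return id; } }
        public ClaimSet Issuer { get { return ClaimSet.System; } }

        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            // "Identities" holds the identities WCF authenticated for this call.
            object value;
            if (!evaluationContext.Properties.TryGetValue("Identities", out value))
                throw new SecurityException("No authenticated identity.");
            var identities = value as IList<IIdentity>;
            if (identities == null || identities.Count == 0)
                throw new SecurityException("No authenticated identity.");
            IIdentity caller = identities[0];
            // With principalPermissionMode="Custom", WCF copies this property
            // to Thread.CurrentPrincipal before the operation is invoked.
            evaluationContext.Properties["Principal"] =
                new GenericPrincipal(caller, LookupRoles(caller.Name));
            return true; // evaluation is complete for this policy
        }

        // Roles are resolved on the server; unknown callers get no roles.
        private static string[] LookupRoles(string userName)
        {
            string[] roles;
            return Roles.TryGetValue(userName, out roles) ? roles : new string[0];
        }
    }
}
```

Inside a service operation, `Thread.CurrentPrincipal.IsInRole("Admin")` then reflects the principal set by this policy on whichever thread WCF dispatches the call.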