
I have a WCF service with netTcp Binding (Message - UserName).

I implemented my own UserNamePasswordValidator.Validate method. In this method I check the credentials, and there I get a variable which I need later in my customPrincipal.

My question now: how can I get this variable from my UserNamePasswordValidator to the customPrincipal?

Edit

Got it to work; I had to implement the following custom things:

  • CustomServiceCredentials
  • ServiceCredentialsSecurityTokenManager
  • UserNameSecurityTokenAuthenticator
  • UserNamePasswordValidator
      • with custom Validation method with return value
  • AuthorizationPolicy
RaphaelH

1 Answer


UserNamePasswordValidator is intended to just check the credentials. You probably want System.IdentityModel.Policy.IAuthorizationPolicy. See the answer to this question.

Update: The problem is that OperationContext is not available yet in UserNamePasswordValidator, so you can't use it to pass your contextual variable to the point where you're able to instantiate the custom principal (IAuthorizationPolicy). So I would create a static dictionary keyed by username (values are your authentication method, if I got you right) available to both the custom UserNamePasswordValidator and the IAuthorizationPolicy implementation. If you're on .NET 4, ConcurrentDictionary is the way to go 'cause you need to deal with concurrency. So your validator will insert/update the username/auth-method pair into the dictionary, and your IAuthorizationPolicy class will grab it by username (you can obtain it from EvaluationContext) and re-instantiate the principal. Unfortunately I cannot imagine a more elegant solution (if any).

UserControl
  • Problem is, I only have access to the password in the UserNamePasswordValidator, and this is needed to check the user and get the specified variable. – RaphaelH Nov 01 '11 at 10:40
  • Can you describe what you're trying to achieve? – UserControl Nov 01 '11 at 11:12
  • I am authenticating the credentials against two mechanisms; the return value determines which mechanism (or both) was successful. This is necessary later in the process to get the right roles for that user! – RaphaelH Nov 01 '11 at 12:00
  • You're right. OperationContext isn't available. You almost got me right. Problem is, these two validation mechanisms are Active Directory and another software. One username can come up in both systems. So the dictionary doesn't make sense. I could also save the password in it, but I don't have the password in IAuthorizationPolicy (so I couldn't get the right entry without the password). I think I have to trace how the authentication/authorization passes. Maybe I could implement a custom UserNamePasswordValidation method with a return value and so on? But I don't know how I could trace that! – RaphaelH Nov 02 '11 at 06:19
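
The hand-off described in the answer's update, shown in C# as an added example (not code from the question or the answer): the validator records which back end accepted the credentials in a static ConcurrentDictionary, and the authorization policy reads that result back by user name when it builds the principal. AuthSource, AuthHandOff, the two check delegates and the role names are hypothetical, and GenericPrincipal stands in for the custom principal.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Principal;

[Flags] public enum AuthSource { None = 0, ActiveDirectory = 1, OtherSystem = 2 } // hypothetical
public static class AuthHandOff // hypothetical shared state, keyed by user name as the answer suggests
{
    public static readonly ConcurrentDictionary<string, AuthSource> Results = new ConcurrentDictionary<string, AuthSource>();
    // Assumed hooks: wire these to the real Active Directory / other-system checks at startup.
    public static Func<string, string, bool> CheckActiveDirectory = (user, pw) => false;
    public static Func<string, string, bool> CheckOtherSystem = (user, pw) => false;
}

public class DualSourceValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        var result = AuthSource.None;
        if (AuthHandOff.CheckActiveDirectory(userName, password)) result |= AuthSource.ActiveDirectory;
        if (AuthHandOff.CheckOtherSystem(userName, password)) result |= AuthSource.OtherSystem;
        if (result == AuthSource.None)
            throw new SecurityTokenException("Unknown user name or incorrect password.");
        AuthHandOff.Results[userName] = result; // only the outcome is kept, never the password
    }
}
// Registered via serviceAuthorization principalPermissionMode="Custom" plus an authorizationPolicies entry.
public class DualSourcePolicy : IAuthorizationPolicy
{
    public string Id { get { return "DualSourcePolicy"; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }
    public bool Evaluate(EvaluationContext context, ref object state)
    {
        object value; AuthSource source;
        if (!context.Properties.TryGetValue("Identities", out value)) return false;
        var identities = value as IList<IIdentity>;
        if (identities == null || identities.Count == 0) return false;
        // Fail closed when the validator left no result for this user name.
        if (!AuthHandOff.Results.TryGetValue(identities[0].Name, out source))
            throw new SecurityTokenException("No authentication result for this identity.");
        var roles = source.ToString().Split(new[] { ", " }, StringSplitOptions.None); // flag names as roles
        context.Properties["Principal"] = new GenericPrincipal(identities[0], roles);
        return true;
    }
}
```

Because the key is the user name alone, two logins under the same name that are accepted by different back ends overwrite each other's entry, which is the limitation raised in the last comment. Entries here also never expire, so a stored result outlives the session that created it unless it is cleared.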