I have a simple authorization setup that checks certain configured Active Directory roles in a user authorization policy (IAuthorizationPolicy) and adds claims if these roles are present. In addition, I have a subclass of ServiceAuthorizationManager that overrides CheckAccessCore. It verifies ownership of some of the claims that were added when evaluating a user authorization policy to confirm or reject an incoming message.
So, setting up these components works fine in my service. My question is about when they are called and the lifetime of the objects associated with them. My subclass of ServiceAuthorizationManager is called for every call made by the service, which is what I expected. However, my individual authorization policy is also invoked on every service call, which is not what I expected. I can see that with every service call, a new AuthorizationContext object is created.
I think my expectations were based on the following: AuthorizationContext will be created after authentication, and this will not happen every time the service is called, since the client connects to NetTcpBinding in one proxy with every call (and I thought with the same open socket on the transport) using transport security with Windows credentials with an instance of the service session.
So, I expected in general that an AuthorizationContext would only be generated when a new session is created or when the old AuthorizationContext object expires in accordance with its ExpirationTime property (and not every time the service is called).
So, if someone can tell me what the reality of the situation is for the life of the AuthorizationContext object, or maybe tell me how to change the service to make it behave as I expected, I would really appreciate it.
For context, if that matters: I'm still using the CLR 3.0 libraries.
thanks
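A minimal sketch of the setup described in the question, added here as an example and not the poster's code: a policy that adds a claim for an Active Directory role, and a manager that checks for that claim and denies by default. The claim type URI and group name are hypothetical placeholders, and the `Console.WriteLine` traces assume a console-hosted service so that each invocation, the context `Id` and its `ExpirationTime` can be observed per call.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Principal;
using System.ServiceModel;

public class RoleClaimPolicy : IAuthorizationPolicy
{
    // Hypothetical claim type and AD group name, used only for this sketch.
    public const string RoleClaim = "http://example.invalid/claims/role";
    public const string AdGroup = @"EXAMPLE\ServiceOperators";
    private readonly string id = Guid.NewGuid().ToString();
    public string Id { get { return id; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext ctx, ref object state)
    {
        // Trace every invocation so the policy's call frequency is visible.
        Console.WriteLine("Evaluate called at {0:o}", DateTime.UtcNow);
        object obj;
        if (!ctx.Properties.TryGetValue("Identities", out obj)) return false;
        IList<IIdentity> ids = obj as IList<IIdentity>;
        if (ids == null) return false;
        foreach (IIdentity identity in ids)
        {
            WindowsIdentity wi = identity as WindowsIdentity;
            if (wi != null && new WindowsPrincipal(wi).IsInRole(AdGroup))
                ctx.AddClaimSet(this, new DefaultClaimSet(Issuer,
                    new Claim(RoleClaim, AdGroup, Rights.PossessProperty)));
        }
        return true; // nothing further to add for this context
    }
}

public class ClaimCheckingManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext oc)
    {
        ServiceSecurityContext ssc = oc.ServiceSecurityContext;
        if (ssc == null) return false; // no security context: deny
        AuthorizationContext ac = ssc.AuthorizationContext;
        Console.WriteLine("CheckAccessCore: context {0}, expires {1:o}", ac.Id, ac.ExpirationTime);
        foreach (ClaimSet cs in ac.ClaimSets)
            foreach (Claim c in cs.FindClaims(RoleClaim, Rights.PossessProperty))
                if (AdGroup.Equals(c.Resource)) return true;
        return false; // default deny when the role claim is absent
    }
}
```

Both classes are attached through the service's `ServiceAuthorizationBehavior` (its `ExternalAuthorizationPolicies` and `ServiceAuthorizationManager` properties).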