I am trying to configure a custom IAuthorisationPolicy that I can provide ServiceAuthorizationBehaviour to set my own IPrincipal implementation. I followed the instructions here and wrote a test that checks that this works in self-service using the NetNamedPipes binding.
The problem is that when I try to use this hosting in IIS, the Identities property is not set in the eventContext, which is passed to my IAuthorisationPolicy (whereas this happens during self-service).
The following is an example from my configuration file:
<customBinding>
<binding name="AuthorisedBinaryHttpsBinding" receiveTimeout="00:03:00" sendTimeout="00:03:00">
<security authenticationMode="UserNameOverTransport">
</security>
<binaryMessageEncoding>
</binaryMessageEncoding>
<httpsTransport />
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="CommonServiceBehaviour">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="AdminSqlMembershipProvider"/>
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
</behaviors>
(Note that I am setting up ServiceAuthorisationBehavior through code, so it does not appear here)
, Identities?
IAuthorisationPolicy :
public class PrincipalInstallingAuthorisationPolicy : IAuthorizationPolicy
{
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
var identity = GetClientIdentity(evaluationContext);
if (identity == null)
{
return false;
}
var principal = new GenericPrincipal(identity, groups);
evaluationContext.Properties["Principal"] = principal;
return true;
}
private IIdentity GetClientIdentity(EvaluationContext evaluationContext)
{
object obj;
if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
{
return null;
}
IList<IIdentity> identities = obj as IList<IIdentity>;
if (identities == null || identities.Count <= 0)
{
return null;
}
return identities[0];
}
...
}