WCF Authentication Extension

I need to extend WCF built-in authentication, so my new one should work alongside built-in ones.

For example, I want to allow access from a registered IP (user auth) or with a username + password (built-in auth).

I have successfully implemented ServiceAuthenticationManager and ServiceAuthorizationManager.

ServiceAuthenticationManager.Authenticate simply adds an IPrincipal implementation to the message properties, and ServiceAuthorizationManager.CheckAccessCore copies the IPrincipal from the incoming message properties to the AuthorizationContext properties.

However, ServiceAuthenticationManager.Authenticate completely breaks the standard mechanisms, even if I return authPolicy or the result of calling base.Authenticate.

Maybe I went the wrong way? What is the correct way to add custom WCF authentication without affecting existing ones? How do I opt out of integrated authentication if a user failure completes?

1 answer

The right approach:

Configure the ServiceHost in an OnOpening override:

    Authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
    Authorization.ExternalAuthorizationPolicies =
        new ReadOnlyCollection<IAuthorizationPolicy>(new[] { new MyCustomAuthorizationPolicy() });

In the Evaluate method of the custom policy, assign three evaluation context properties: "PrimaryIdentity" for the IIdentity, "Identities" for the collection of identities, and "Principal" for the IPrincipal:

    evaluationContext.Properties["PrimaryIdentity"] = identity;
    evaluationContext.Properties["Identities"] = new List<IIdentity>(new[] { identity });
    evaluationContext.Properties["Principal"] = principal;
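The approach in the answer above, put together as an added example that is not part of the original answer. The names RegisteredIpAuthorizationPolicy and MyServiceHost, the "RegisteredIp" authentication type and the allow-list address are hypothetical. It assumes that built-in authentication has already populated "Identities" when the policy runs and that OperationContext.Current is available inside Evaluate.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Hypothetical policy name; the allow-list entry is a constructed sample value.
public sealed class RegisteredIpAuthorizationPolicy : IAuthorizationPolicy
{
    private static readonly HashSet<string> RegisteredIps = new HashSet<string> { "192.0.2.10" };
    public string Id { get; } = Guid.NewGuid().ToString();
    public ClaimSet Issuer => ClaimSet.System;

    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        // 1. Prefer an identity already established by built-in authentication (assumed to run first).
        IIdentity identity = null;
        if (evaluationContext.Properties.TryGetValue("Identities", out object found)
            && found is IList<IIdentity> existing && existing.Count > 0)
            identity = existing[0];
        // 2. Otherwise fall back to the registered-IP check on the transport's remote endpoint.
        var props = OperationContext.Current?.IncomingMessageProperties;
        if (identity == null && props != null
            && props.TryGetValue(RemoteEndpointMessageProperty.Name, out object ep)
            && ep is RemoteEndpointMessageProperty remote && RegisteredIps.Contains(remote.Address))
            identity = new GenericIdentity("ip:" + remote.Address, "RegisteredIp");
        // 3. Fail closed: an empty name yields IsAuthenticated == false, and no roles are granted.
        identity = identity ?? new GenericIdentity(string.Empty);
        evaluationContext.Properties["PrimaryIdentity"] = identity;
        evaluationContext.Properties["Identities"] = new List<IIdentity> { identity };
        evaluationContext.Properties["Principal"] = new GenericPrincipal(identity, new string[0]);
        return true; // this policy has nothing further to add
    }
}

public sealed class MyServiceHost : ServiceHost
{
    public MyServiceHost(Type serviceType, params Uri[] baseAddresses) : base(serviceType, baseAddresses) { }

    protected override void OnOpening()
    {
        // Custom mode: Thread.CurrentPrincipal comes from the "Principal" property set by the policy.
        Authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
        Authorization.ExternalAuthorizationPolicies = new ReadOnlyCollection<IAuthorizationPolicy>(
            new IAuthorizationPolicy[] { new RegisteredIpAuthorizationPolicy() });
        base.OnOpening();
    }
}
```

The address in RemoteEndpointMessageProperty is the peer the service sees at the transport level, so behind a proxy or load balancer it is that intermediary's address and the allow-list would have to account for it.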

Source: https://habr.com/ru/post/914549/

