I have a WCF service where I use a custom UserNamePasswordValidator to validate user.
public override void Validate(string userName, string password)
{
LoginHelper loginHelper = new LoginHelper();
loginHelper.ValidateUserRegularLogin(userName, password);
}
When this is done the IAuthorizationPolicy.Evaluate is triggered and this is where I set the principal to a custom user context like this :
evaluationContext.Properties["Principal"] = userContext;
The problem is that I need 2 things to get the proper usercontext and this is username and a value from the header.
I know that I can use a messageinspector to get the header data like this :
public object AfterReceiveRequest(ref System.ServiceModel.Channels.Message request, IClientChannel channel, InstanceContext instanceContext)
{
IntegrationHeader integrationHeader;
LoginHandler loginHandler;
UserContextOnService userContext = null;
if (request.Headers.Action == null || request.Headers.Action.ToString().Length < 1)
return null;
foreach (var header in request.Headers)
{
if (header.Namespace == "ns" && header.Name == "SecurityToken")
{
return null;
}
}
throw new SecurityTokenException("Unknown username or invalid password");
}
But I need to get this information in the Evaluate method so I can make a proper login(set principal). Is it possible? And if so, how? What is the alternative?
PS. This will be done by call so no specific login method could be used.
Solved:
I ended up with this :
integrationHeader = OperationContext.Current.IncomingMessageHeaders.GetHeader<IntegrationCertificateHeader>(header.Name, header.Namespace);
Can you try to access header data with this ?