We are using Message Inspector to customize the SOAP message by adding some information at client side and retrieving the added information at the server side. We are also using Custom Authorization Manager by using ServiceAuthorizationManager to use retrieved SOAP based Message information.
To customize the SOAP messages, we are overriding two methods:
a) BeforeSendRequest (Client Side) - This method is used to customize the SOAP message header in Message Inspector.
public object BeforeSendRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
{
Dictionary<string,string> headerInfo = new Dictionary<string,string>();
headerInfo.Add("UserId","1111");
MessageHeader header = MessageHeader.CreateHeader("LocalName", "NamespaceURI", headerInfo);
request.Headers.Add(header);
return null;
}
b) AfterReceiveRequest (Server Side) - This method is used to fetch the customized SOAP message in Message Inspector.
public object AfterReceiveRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel, System.ServiceModel.InstanceContext instanceContext)
{
Dictionary<string, string> headerInfo = request.Headers.GetHeader<Dictionary<string, string>>("LocalName", "NamespaceURI");
return null;
}
Now, when request is made from the client side then first call is being made in Custom Authorization Manager class instead of AfterReceiveRequest() in Message Inspector at Server side.
We have registered our Custom Authorization Manager in the App.config file as shown:
<serviceBehaviors>
<behavior name="SampleAuthorizationService.Service1Behavior">
<serviceMetadata httpGetEnabled="false"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceAuthorization principalPermissionMode="Custom" serviceAuthorizationManagerType="SampleAuthorizationSecurity.CustomAuthorizationManager, SampleAuthorizationSecurity">
<authorizationPolicies>
<add policyType="SampleAuthorizationSecurity.CustomAuthPolicy, SampleAuthorizationSecurity"/>
</authorizationPolicies>
</serviceAuthorization>
</behavior>
</serviceBehaviors>
The flow should be from Message Inspector to Custom Authorization Manager at server side. But, in our case the flow is exactly opposite i.e. from Custom Authorization Manager to Message Inspector. This might be happening due to Registration of Custom Authorization Manager in the App.config.
Can anyone help me out to change the flow from Message Inspector to Custom Authorization Manager at server side?
I couldn't find a way to invoke Message Inspector before Service Authorization Manager, so I solved this problem by redefining method
CheckAccess(OperationContext operationContext, ref Message message)in Service Authorization Manager and doing all the work in this method. It's not a pretty solution but it does the work :)