WCFCore and serviceAuthorizationManager not working

Question

I'm trying to assemble a .Net 6 WCF Service with WCFCore, using a basicHttpBinding, and I'm strugling to add a service authorization manager.

My purpose is to enable WCF to read and validate bearer tokens and use OAuth. I can't move to REST because of legacy applications compatibility, so I need to keep WCF but use bearer tokens.

My service at this stage is quite simple:

[ServiceContract]
public interface IService
{
    [OperationContract]
    string GetData(int value);

    [OperationContract]
    CompositeType GetDataUsingDataContract(CompositeType composite);
}

public class Service : IService
{
    public string GetData(int value)
    {
        return string.Format("You entered: {0}", value);
    }

    public CompositeType GetDataUsingDataContract(CompositeType composite)
    {
        if (composite == null)
        {
            throw new ArgumentNullException("composite");
        }
        if (composite.BoolValue)
        {
            composite.StringValue += "Suffix";
        }
        return composite;
    }
}

// Use a data contract as illustrated in the sample below to add composite types to service operations.
[DataContract]
public class CompositeType
{
    bool boolValue = true;
    string stringValue = "Hello ";

    [DataMember]
    public bool BoolValue
    {
        get { return boolValue; }
        set { boolValue = value; }
    }

    [DataMember]
    public string StringValue
    {
        get { return stringValue; }
        set { stringValue = value; }
    }
}

My Program.cs:

    var builder = WebApplication.CreateBuilder();

builder.Services.AddServiceModelServices();
builder.Services.AddServiceModelConfigurationManagerFile("wcf.config");
builder.Services.AddServiceModelMetadata();
builder.Services.AddSingleton<IServiceBehavior, UseRequestHeadersForMetadataAddressBehavior>();

builder.Services.AddSingleton<OAuthAuthorizationManager>();

var app = builder.Build();


app.UseServiceModel(bld =>
{
    bld.AddServiceEndpoint<Service, IService>(new BasicHttpBinding(BasicHttpSecurityMode.Transport), "/Service.svc");
    var mb = app.Services.GetRequiredService<ServiceMetadataBehavior>();   
    mb.HttpsGetEnabled = true;
});
app.Run();

Then my wcf.config:

    <?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
      <bindings>
        <basicHttpBinding>
          <binding name="basicBinding" receiveTimeout="00:10:00">
            <security mode="Transport" />
          </binding>
        </basicHttpBinding>
      </bindings>
      <services>
        <service name="CoreWCFService.Service" behaviorConfiguration="Default">
          <endpoint address="basic" binding="basicHttpBinding" bindingConfiguration="basicBinding" contract="CoreWCFService.IService"  />       
        </service>
      </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="Default">
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceMetadata httpGetEnabled="true" />
          <serviceAuthorization serviceAuthorizationManagerType="CoreWCFService.OAuthAuthorizationManager,CoreWCFService" />
          <dataContractSerializer maxItemsInObjectGraph="10000000" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    </system.serviceModel>
</configuration>

But when I call the service with tokens, nothing happens on the authorization manager, the operation runs simply ignoring this service behavior.

Is there anyone out there that can help me with this?

Answer 1

You may refer to the Corewcf project template. There are a few things to note:

1. The interface and its implementation need to be separated to facilitate subsequent maintenance and invocation of the interface.

2. We need to look at the UseServiceModel part in Program.cs.