MSDN > Home page del forum > Windows Communication Foundation > When using Custom Username Authentication, is it possible to set Thread.CurrentPrincipal.Identity?

Formula una domanda

When using Custom Username Authentication, is it possible to set Thread.CurrentPrincipal.Identity?

mercoledì 24 giugno 2009 13.32

Chris Bardon

Registrati per votare

I'm experimenting with a custom UserName validator, and while it seems to work, I've noticed that even when the credentials are passed to the service and validated, other service methods treat the client as unauthenticated. For example, if I have something like this as the validator:

        public override void Validate(string userName,
            string password)
        {
            // Validate arguments
            if (userName == null)
                throw new ArgumentNullException("userName");
            if (password == null)
                throw new ArgumentNullException("password");

            // Validate username and password
            if (userName != "user" || password != "pass")
            {
                throw new SecurityTokenException(
                    "Invalid username or password.");
            }
        }

The method works as you'd expect. When I try to do this in the service method though:

string name = Thread.CurrentPrincipal.Identity.Name;
bool IsAuthenticated = Thread.CurrentPrincipal.Identity.IsAuthenticated;

The CurrentPrincipal identifies itself as a WindowsPrincipal, the Name is empty, and IsAuthenticated is false. I already passed a custom validation though, so why should this be the case? Is there a way to store the validated credentials in the Validate() method? Here's what I have in the config for the custom authentication:

          <serviceCredentials>
            <serviceCertificate findValue="chrislaptop2"
                    storeLocation="CurrentUser" storeName="My"
                                x509FindType="FindBySubjectName"/>
            <userNameAuthentication userNamePasswordValidationMode="Custom"
                    customUserNamePasswordValidatorType="TestAuthService.TestAuth, TestAuthService"/>
          </serviceCredentials>

And for the binding:

    <bindings>
      <wsHttpBinding>
        <binding name="UserNameWS">
          <security mode="Message">
            <transport clientCredentialType="None"/>
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

Is there anything else that I'm missing here, or is there a better way to implement custom validation that I'm missing?

Tutte le risposte

venerdì 3 luglio 2009 21.12Lars WilhelmsenMVP, Moderatore

0
Registrati per votare
Hi,

I think you can simply assign a new instance of GenericPrincipal / GenericIdentity to the CurrentPrincipal in your Validate method,
and later you will be able to use .IsAuthenticated and the other methods of the IPrincipal interface.

--larsw
Lars Wilhelmsen | Senior Consultant | Miles, Norway | Connected Systems MVP | http://larswilhelmsen.com/
- Risposta
- Citazione
domenica 5 luglio 2009 0.15Pedro FelixMVP, Moderatore

0
Registrati per votare
Hi,

Using "plain" WCF, see http://msdn.microsoft.com/en-us/library/aa702720.aspx or http://www.leastprivilege.com/CustomPrincipalsAndWCF.aspx
Basically, you have to create a custom authorization policy (IAuthorizationPolicy ) and set the "Principal" property of the evaluation context.

If you are using WCF+Geneva FX, then you should define a custom ClaimsAuthenticationManager .

HTH
Pedro Felix
http://pfelix.wordpress.com
- Risposta
- Citazione