When using Custom Username Authentication, is it possible to set Thread.CurrentPrincipal.Identity?

quarta-feira, 24 de junho de 2009 13:32

Chris Bardon

Entrar para Votar

I'm experimenting with a custom UserName validator, and while it seems to work, I've noticed that even when the credentials are passed to the service and validated, other service methods treat the client as unauthenticated. For example, if I have something like this as the validator:

        public override void Validate(string userName,
            string password)
        {
            // Validate arguments
            if (userName == null)
                throw new ArgumentNullException("userName");
            if (password == null)
                throw new ArgumentNullException("password");

            // Validate username and password
            if (userName != "user" || password != "pass")
            {
                throw new SecurityTokenException(
                    "Invalid username or password.");
            }
        }

The method works as you'd expect. When I try to do this in the service method though:

string name = Thread.CurrentPrincipal.Identity.Name;
bool IsAuthenticated = Thread.CurrentPrincipal.Identity.IsAuthenticated;

The CurrentPrincipal identifies itself as a WindowsPrincipal, the Name is empty, and IsAuthenticated is false. I already passed a custom validation though, so why should this be the case? Is there a way to store the validated credentials in the Validate() method? Here's what I have in the config for the custom authentication:

          <serviceCredentials>
            <serviceCertificate findValue="chrislaptop2"
                    storeLocation="CurrentUser" storeName="My"
                                x509FindType="FindBySubjectName"/>
            <userNameAuthentication userNamePasswordValidationMode="Custom"
                    customUserNamePasswordValidatorType="TestAuthService.TestAuth, TestAuthService"/>
          </serviceCredentials>

And for the binding:

    <bindings>
      <wsHttpBinding>
        <binding name="UserNameWS">
          <security mode="Message">
            <transport clientCredentialType="None"/>
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

Is there anything else that I'm missing here, or is there a better way to implement custom validation that I'm missing?

Todas as Respostas

sexta-feira, 3 de julho de 2009 21:12Lars WilhelmsenMVP, Moderador

0
Entrar para Votar
Hi,

I think you can simply assign a new instance of GenericPrincipal / GenericIdentity to the CurrentPrincipal in your Validate method,
and later you will be able to use .IsAuthenticated and the other methods of the IPrincipal interface.

--larsw
Lars Wilhelmsen | Senior Consultant | Miles, Norway | Connected Systems MVP | http://larswilhelmsen.com/
- Responder
- Citação
domingo, 5 de julho de 2009 0:15Pedro FelixMVP, Moderador

0
Entrar para Votar
Hi,

Using "plain" WCF, see http://msdn.microsoft.com/en-us/library/aa702720.aspx or http://www.leastprivilege.com/CustomPrincipalsAndWCF.aspx
Basically, you have to create a custom authorization policy (IAuthorizationPolicy ) and set the "Principal" property of the evaluation context.

If you are using WCF+Geneva FX, then you should define a custom ClaimsAuthenticationManager .

HTH
Pedro Felix
http://pfelix.wordpress.com
- Responder
- Citação