WCF service authorization manager setting the Thread.CurrentPrincipal


I have a custom ServiceAuthorizationManager where I override CheckAccess and validate a custom auth token that is part of the URL. After I validate, I set the Thread.CurrentPrincipal with a GenericPrincipal. But when the request finally reaches my service method, Thread.CurrentPrincipal is gone; it is not what I set in the auth manager. What's going wrong?

2

There are 2 answers

2
sash On BEST ANSWER

I got around this by setting principalPermissionMode="None" in the service behavior where I register the service auth manager. This is supposed to tell the WCF runtime not to put any principal in the current thread. If you set it to "Custom", it overwrites whatever principal you set using a GenericPrincipal.

0
Phil Degenhardt On

If you do not wish to use the built-in mechanisms for authorization, WCF requires that the current principal be identified via an IAuthorizationPolicy to be properly integrated in the WCF pipeline. You will need to specify a PrincipalPermissionMode of 'Custom'.

For a detailed introduction see this article: Authorization In WCF-Based Services
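
A sketch of the IAuthorizationPolicy route described in the answer above, added here as an illustration and not code from either answer or from the linked article. The `token` query parameter, its `<user>.<hex HMAC>` format, the demo key and the type and assembly names are all assumptions made for the example.

```csharp
using System;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Cryptography;
using System.Security.Principal;
using System.ServiceModel;
using System.Text;
using System.Web; // HttpUtility.ParseQueryString

// Registered in the service behavior (type and assembly names are placeholders):
// <serviceAuthorization principalPermissionMode="Custom">
//   <authorizationPolicies>
//     <add policyType="MyApp.TokenPrincipalPolicy, MyApp" />
//   </authorizationPolicies>
// </serviceAuthorization>
public sealed class TokenPrincipalPolicy : IAuthorizationPolicy
{
    // Constructed demo key; a real key belongs in protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");
    readonly string id = Guid.NewGuid().ToString();
    public string Id { get { return id; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext context, ref object state)
    {
        // Assumption: the token arrives as ?token=<user>.<hex HMAC-SHA256 of user>
        Uri via = OperationContext.Current.IncomingMessageProperties.Via;
        string token = HttpUtility.ParseQueryString(via.Query)["token"];
        string user = ValidateToken(token);
        // Fail closed: a missing or invalid token yields an unauthenticated identity.
        IIdentity identity = new GenericIdentity(user ?? string.Empty, "UrlToken");
        // In Custom mode WCF takes Thread.CurrentPrincipal from this property.
        context.Properties["Principal"] = new GenericPrincipal(identity, new string[0]);
        return true; // this policy has nothing further to evaluate
    }

    // Returns the user name for a valid token, otherwise null.
    static string ValidateToken(string token)
    {
        int dot = token == null ? -1 : token.LastIndexOf('.');
        if (dot <= 0) return null;
        string user = token.Substring(0, dot), mac = token.Substring(dot + 1);
        string expected;
        using (var h = new HMACSHA256(Key))
            expected = BitConverter.ToString(h.ComputeHash(Encoding.UTF8.GetBytes(user))).Replace("-", "");
        if (mac.Length != expected.Length) return null;
        int diff = 0; // compare every character so timing does not reveal a match prefix
        for (int i = 0; i < expected.Length; i++) diff |= char.ToUpperInvariant(mac[i]) ^ expected[i];
        return diff == 0 ? user : null;
    }
}
```

The allow or deny decision still belongs in the ServiceAuthorizationManager or in PrincipalPermission demands on the operations; the policy only establishes who the caller is, so a check such as `Thread.CurrentPrincipal.Identity.IsAuthenticated` is what rejects the fail-closed identity.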