
Vista - CustomValidator and CustomIPrincipal

 
 
Old 04-26-2007   #1 (permalink)
Jay Allard


 
 

CustomValidator and CustomIPrincipal

Greetings

I need to be able to:
- validate credentials against our own store (done)
- create an existing user object based on the store (done)
- create a custom Identity with an extra property that contains the user
object. (done)

I can do all three of those steps individually, but I'm having trouble with
some WCF implementation details. Where do I do which step?

I've been all over Google and have found a lot of good information for this,
but a lot of it is from pre-release and doesn't necessarily apply anymore. I
also found this excellent post:

http://groups.google.co.uk/group/mic...40905d321cce17


When the CustomValidator is called, I have what I need (username and
password) to recreate our user object. However, I can't set the thread
principal or PrimaryPrincipal at that point because, apparently, that's not
the thread that the service method executes on. (Additionally, I don't see
how to set the PrimaryPrincipal yet. I saw examples using a properties
collection, but those were pre-release and have notes that say they won't
work any more). I'd prefer to use the thread principal because that would
allow it to play well with the other kids.

Based on reading, it seems the place to set the principal is in the
Authorization Policy, but at that point I don't have the username and
password so I can't create the object.

If that strategy is correct, then how do I persist an object between the
CustomValidator and the Authorization Policy?

I'm using the "Programming WCF Services" book, which is good. Any
recommendations for another good one?

Thanks in advance for your help.
Jay


Old 04-26-2007   #2 (permalink)
Jay Allard


 
 

Re: CustomValidator and CustomIPrincipal

Correction: I see now that CustomValidator does execute in the same thread
as the service method. However, the principal I set in the validator is
overwritten by a Windows principal by the time it gets to the methods.


"Jay Allard" <jay@allardworks.com> wrote in message
news:7cudnZXVes5rYa3bnZ2dnUVZ_hKdnZ2d@adelphia.com...
> Greetings
>
> I need to be able to:
> - validate credentials against our own store (done)
> - create an existing user object based on the store (done)
> - create a custom Identity with an extra property that contains the user
> object. (done)
>
> I can do all three of those steps individually, but I'm having trouble
> with some WCF implementation details. Where do I do which step?
>
> I've been all over Google and have found a lot of good information for
> this, but a lot of it is from pre-release and doesn't necessarily apply
> anymore. I also found this excellent post:
>
> http://groups.google.co.uk/group/mic...40905d321cce17
>
>
> When the CustomValidator is called, I have what I need (username and
> password) to recreate our user object. However, I can't set the thread
> principal or PrimaryPrincipal at that point because, apparently, that's
> not the thread that the service method executes on. (Additionally, I don't
> see how to set the PrimaryPrincipal yet. I saw examples using a properties
> collection, but those were pre-release and have notes that say they won't
> work any more). I'd prefer to use the thread principal because that would
> allow it to play well with the other kids.
>
> Based on reading, it seems the place to set the principal is in the
> Authorization Policy, but at that point I don't have the username and
> password so I can't create the object.
>
> If that strategy is correct, then how do I persist an object between the
> CustomValidator and the Authorization Policy?
>
> I'm using the "Programming WCF Services" book, which is good. Any
> recommendations for another good one?
>
> Thanks in advance for your help.
> Jay
>


Old 04-26-2007   #3 (permalink)
marc.gravell@gmail.com


 
 

Re: CustomValidator and CustomIPrincipal

In the validator you have access to name and password for the purposes
of authentication.
In the authorization policy you have access to the name (but not
password) for the purpose of creating a custom principal; look for an
"Identities" property on the evaluation context, and enumerate each;
one of them will be authenticated and will have an authentication type
of your validator; from the name you should be able to construct a new
principal with the roles and assign the Principal property. Something
like:

bool IAuthorizationPolicy.Evaluate(EvaluationContext evaluationContext, ref object state)
{
    IList<IIdentity> idents;
    object identsObject;
    if (evaluationContext.Properties.TryGetValue("Identities", out identsObject)
        && (idents = identsObject as IList<IIdentity>) != null)
    {
        foreach (IIdentity ident in idents)
        {
            // MyTrustedAuthType: the authentication type carried by your validator's identities
            if (ident.IsAuthenticated && ident.AuthenticationType == MyTrustedAuthType)
            {
                // CreatePrincipal is a placeholder: build the new principal from ident.Name
                evaluationContext.Properties["Principal"] = CreatePrincipal(ident.Name);
                return true; // we're done
            }
        }
    }
    if (!evaluationContext.Properties.ContainsKey("Principal"))
    {
        // Anon: an anonymous fallback principal
        evaluationContext.Properties["Principal"] = Anon;
    }
    return false; // keep trying
}

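The split described in this thread, written out as a complete policy class plus the host wiring, as an added example that is not part of the original posts. It assumes a self-hosted ServiceHost; StorePrincipalPolicy, SecurityWiring, trustedAuthType and the createPrincipal delegate are hypothetical names, and the authentication type string has to match whatever your own validator's identities actually report.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Description;

public sealed class StorePrincipalPolicy : IAuthorizationPolicy
{
    private readonly string id = Guid.NewGuid().ToString();
    private readonly string trustedAuthType;                      // assumption: supplied by the caller
    private readonly Func<IIdentity, IPrincipal> createPrincipal; // hypothetical: loads the user from the store

    public StorePrincipalPolicy(string trustedAuthType, Func<IIdentity, IPrincipal> createPrincipal)
    {
        this.trustedAuthType = trustedAuthType;
        this.createPrincipal = createPrincipal;
    }

    public string Id { get { return id; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext context, ref object state)
    {
        object value;
        if (!context.Properties.TryGetValue("Identities", out value)) return false;
        foreach (IIdentity identity in (value as IList<IIdentity>) ?? new List<IIdentity>())
        {
            // Trust only identities produced by our own validator; the password is not needed here.
            if (!identity.IsAuthenticated || identity.AuthenticationType != trustedAuthType) continue;
            context.Properties["Principal"] = createPrincipal(identity);
            return true;   // principal assigned, no further evaluation needed
        }
        return false;      // no trusted identity yet; "Principal" is left unset
    }
}

public static class SecurityWiring
{
    // Call before host.Open(); the validator configuration itself is unchanged.
    public static void Apply(ServiceHost host, IAuthorizationPolicy policy)
    {
        // Custom mode makes WCF take Thread.CurrentPrincipal from Properties["Principal"].
        host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
        host.Authorization.ExternalAuthorizationPolicies =
            new List<IAuthorizationPolicy> { policy }.AsReadOnly();
    }
}
```

With the default PrincipalPermissionMode, WCF sets the thread principal itself, which is the overwrite reported in post #2; the "Principal" property is only honoured in Custom mode.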
Old 04-27-2007   #4 (permalink)
JayA


 
 

Re: CustomValidator and CustomIPrincipal

That worked great. Thanks for your help.

Stay tuned. I'm sure I'll be back.

Jay


<marc.gravell@gmail.com> wrote in message
news:1177630355.104557.128830@b40g2000prd.googlegroups.com...
> In the validator you have access to name and password for the purposes
> of authentication.
> In the authorization policy you have access to the name (but not
> password) for the purpose of creating a custom principal; look for an
> "Identities" property on the evaluation context, and enumerate each;
> one of them will be authenticated and will have an authentication type
> of your validator; from the name you should be able to construct a new
> principal with the roles and assign the Principal property. Something
> like:
>
> bool IAuthorizationPolicy.Evaluate(EvaluationContext evaluationContext, ref object state)
> {
>     IList<IIdentity> idents;
>     object identsObject;
>     if (evaluationContext.Properties.TryGetValue("Identities", out identsObject)
>         && (idents = identsObject as IList<IIdentity>) != null)
>     {
>         foreach (IIdentity ident in idents)
>         {
>             // MyTrustedAuthType: the authentication type carried by your validator's identities
>             if (ident.IsAuthenticated && ident.AuthenticationType == MyTrustedAuthType)
>             {
>                 // CreatePrincipal is a placeholder: build the new principal from ident.Name
>                 evaluationContext.Properties["Principal"] = CreatePrincipal(ident.Name);
>                 return true; // we're done
>             }
>         }
>     }
>     if (!evaluationContext.Properties.ContainsKey("Principal"))
>     {
>         // Anon: an anonymous fallback principal
>         evaluationContext.Properties["Principal"] = Anon;
>     }
>     return false; // keep trying
> }
>

