Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Claims-based authentication for WCF RESTful services

I've been working through various samples to try and piece together a solution for SAML token-based authentication for ASP.Net web services and WCF RESTful web services... some of the samples I've been referencing:

  • http://custombasicauth.codeplex.com/Wikipage
  • http://leastprivilege.com/2010/02/15/securing-wcf-data-services-using-wif/
  • http://weblogs.asp.net/cibrax/archive/2010/02/17/a-good-way-to-handle-claim-based-security-in-restful-services.aspx
  • etc...

I've been battling my way through each roadblock, and I'm so close I can taste it. The latest block that's got me is this:

If I use the regular WebServiceHostFactory, the custom authorization policies are applied and Thread.CurrentPrincipal ends up taking the value that my HttpModule set for HttpContext.Current.User... but... if I use the WebServiceHost2Factory (i.e. from the REST Starter Kit) to gain the auto help endpoint, etc..., then the auth policies aren't applied, and the Thread.CurrentPrincipal ends up being an instance of RoleProviderPrincipal in no way related to the ClaimsPrincipal I set in the HttpModule.. :-(

Any thoughts, ideas how to get the WebServiceHost2Factory to play nice with the custom / overridden principal?

Thanks,

Tyler

like image 877
Tyler Avatar asked Apr 12 '10 17:04

Tyler


1 Answers

Seems like the question was answered in the cross post in the MSDN/WCF forum: http://social.msdn.microsoft.com/Forums/en/wcf/thread/28fdaa9f-b75a-4ad6-a5f7-7e5af5dc909b

--larsw

like image 164
larsw Avatar answered Sep 30 '22 16:09

larsw