Transfer WCF custom authentication session to service

Question

I have WCF webservice that's doing custom authorization using UserNamePasswordValidator

public class CustomUserNameValidator : UserNamePasswordValidator
    {
    public override void Validate(string userName, string password)
        {
        try
            {
            MySession session = new MySession(userName, password);
            }
        catch (UnauthorizedAccessException e)
            {
            throw new System.IdentityModel.Tokens.SecurityTokenException("Incorrect username or password");
            }
        }
    }

Authentication works fine, but I don't know is how to transfer the session created in CustomUserNameValidator to the service.

MySession, in case you are wondering, comes from third party API.

Answer 1

I'm assuming your third party library wasn't actually built for WCF, and you need to implement the WCF Authorization/Authentication bits?

Have you looked into something like this:

http://www.leastprivilege.com/CustomPrincipalsAndWCF.aspx

You could set Thread.CurrentPrincipal?