WCF 4.0's analog to WCF REST Starter Kit's RequestInterceptor?

Question

Does WCF 4.0 have an analog class/module/whatever to WCF REST Starter Kit's RequestInterceptor?

Answer 1

I'm back with an update.

I happen to value simplicity in code and after successfully solving this issue, I can't say I prefer it any more than the Query String method. Dropping a single call into each service endpoint that calls an AuthN method alongside the AuthZ method seems easier than some might believe.

Anyway, enough of the opinions...on to the solution. The solution is right under our eyes on Stackoverflow at this link but not well described in our context...so I will give credit to "user634119" for the sample code found here: Headers in OperationContext

First, we need to add a serviceBehavior to our web.config file:

<behaviors>
  <serviceBehaviors>
    <behavior>
      <serviceAuthenticationManager serviceAuthenticationManagerType="WCF.BasicAuthorization, WCF"></serviceAuthenticationManager>
      <serviceAuthorization impersonateCallerForAllOperations="false" principalPermissionMode="Custom" serviceAuthorizationManagerType="WCF.BasicAuthentication, WCF">
      </serviceAuthorization>
    </behavior>
  </serviceBehaviors>
</behaviors>

Next make a class (called BasicAuthorization as referenced in the serviceBehaviors block above):

//Authorize the call against the URI resource being requested...
public class BasicAuthorization : ServiceAuthorizationManager
{
    public override bool CheckAccess(OperationContext operationContext, 
    ref Message message)
    {
        //some code
    }
}

Next make an Authentication class:

// Authenticate the header signature as described in my previous post
public class BasicAuthentication : ServiceAuthenticationManager
{
    public override ReadOnlyCollection<IAuthorizationPolicy> Authenticate(
        ReadOnlyCollection<IAuthorizationPolicy> authPolicy, Uri listenUri, 
        ref Message message)
    {
        //some code
    }
}

In the Authenticate method, use HttpRequestMessageProperty to pull the request header details out and perform the same 3 steps described in my first reply.