Why doesn't ApplicationContext.User use the ServiceSecurityContext from WCF Security model?

Why doesn't ApplicationContext.User use the ServiceSecurityContext from WCF Security model?

Old forum URL: forums.lhotka.net/forums/t/9671.aspx


w1z posted on Monday, October 25, 2010

Hello!

I faced the following problem. In our application we implemented the custom username authentication in WCF services that are hosted in IIS. This services work with CSLA objects. Custom authentication uses the custom validator to check the username and password. (for more information see http://msdn.microsoft.com/en-us/library/aa702565.aspx). After validation a principle of current user is set to ServiceSecurityContext.PrimaryIdentity.

Is there any ability to use this principal in CSLA.ApplicationContext.User? We want to avoid the setting of CSLA.ApplicationContext.User with ServiceSecurityContext.PrimaryIdentity on each call of our WCF services. And as I see, there is no solution to extend the logic of CSLA.ApplicationContext.User.

What could you suggest in this case?

Thank you in advance!

 

RockfordLhotka replied on Monday, October 25, 2010

Have you read the WCF chapter in the Using CSLA .NET 3.0 ebook? In that chapter I pretty thoroughly cover the authentication pipeline used by WCF and the two places you can plug into the process for username/password scenarios.

I do discuss this in the Expert 2008 Business Objects book too, but not quite as deeply as in the ebook.

However, perhaps you are discussing a new feature in WCF 4? If so, it is something I should look into. When I wrote the ebook and 2008 book there was no built-in simple username/pw authentication model in WCF, and I had to create my own (hence the exploration of the pipeline).

Copyright (c) Marimer LLC