MSDN Magazine - October 2008 - (Page 67)

Writing a custom principal is straightforward. Simply implement the IPrincipal interface and add your own custom functionality. To integrate the principal with WCF, you have to set the PrincipalPermissionMode attribute in the ServiceAuthorization element to “custom” and provide an authorization policy that is responsible for creating the principal and giving it back to WCF. An authorization policy is simply a class that implements the System.IdentityModel.Policy.IAuthorizationPolicy interface. Implementations of this interface must employ a method called Evaluate, which gets called on every request. Here you can reach into the WCF service security context and set the custom principal. Figure 3 shows a custom principal as well as the authorization policy and its corresponding configuration entries. WCF will create the Access Denied fault message and send that back to the client. A return value of true will grant access to the service operation. You can find the unique identifier of the operation that the client tries to call in the WS-Addressing action header. This value can be obtained from IncomingMessageHeader.Action property on the operation context that is passed into CheckAccess. The format of the action value is: ServiceNamespace/ContractName/OperationName For example, you might see something like this: urn:msdnmag/ServiceContract/GetRoles Centralizing Authorization Logic So far you have seen how you can access the role information that is provided by the WCF security system from within your service operations. Sometimes, however, it is also useful to have centralized logic that can inspect every incoming request and make authorization decisions without having to spread that logic over all your service operations. Enter the service authorization manager. The service authorization manager is a class that derives from System.ServiceModel.ServiceAuthorizationManager. You can override the CheckAccessCore method to run custom authorization code for each request. In CheckAccess, you have access to the current security context as well as the incoming message, including the headers. When you return false from CheckAccess, Figure 3 A Custom Principal and Authorization Policy Principal class CustomPrincipal : IPrincipal { IIdentity _identity; string[] _roles; Cache _cache = HttpRuntime.Cache; public CustomPrincipal(IIdentity identity) { _identity = identity; } // helper method for easy access (without casting) public static CustomPrincipal Current { get { return Thread.CurrentPrincipal as CustomPrincipal; } } public IIdentity Identity { get { return _identity; } } // return all roles (custom property) public string[] Roles { get { EnsureRoles(); return _roles; } } // IPrincipal role check public bool IsInRole(string role) { EnsureRoles(); } return _roles.Contains(role); WCF passes in the complete request message as a ref parameter. This allows inspecting and even changing the message before it reaches the service operation (or gets bounced back because of a negative authorization outcome). Be aware that messages in WCF are always read-once. That means you first have to create a copy of the message before you inspect the body. This can be done by creating a message buffer using the following code (you need to be careful with large or streamed messages): MessageBuffer buffer = operationContext.RequestContext.RequestMessage.CreateBufferedCopy( int.MaxValue); Once you have created a copy of the message, you can use the standard APIs to get access to its content. In Figure 4, you can see a sample implementation of a service authorization manager that moves the authorization logic from the service operation to a central place. } // cache roles for subsequent requests protected virtual void EnsureRoles() { // caching logic omitted – see the sample download } Authorization Policy class AuthorizationPolicy : IAuthorizationPolicy { // called after the authentication stage public bool Evaluate(EvaluationContext evaluationContext, ref object state) { // get the authenticated client identity from the evaluation context IIdentity client = GetClientIdentity(evaluationContext); // set the custom principal evaluationContext.Properties[‘Principal’] = new CustomPrincipal(client); } } return true; // rest omitted Configuration msdnmagazine.com October 2008 67 http://www.msdnmagazine.com Table of Contents for the Digital Edition of MSDN Magazine - October 2008MSDN Magazine - October 2008ContentsToolboxCLR Inside OutBasic InstinctsCutting EdgePatterns In PracticeService StationParadigm ShiftCoding ToolsConcurrency HazardsAsp.net AJAX 4.0Easy AsyncFoundationsWindows With C++Going Places.NET Matters{ End Bracket }MSDN Magazine - October 2008MSDN Magazine - October 2008 - (Page Intro)MSDN Magazine - October 2008 - Contents (Page Cover1)MSDN Magazine - October 2008 - Contents (Page Cover2)MSDN Magazine - October 2008 - Contents (Page 1)MSDN Magazine - October 2008 - Contents (Page 2)MSDN Magazine - October 2008 - Contents (Page 3)MSDN Magazine - October 2008 - Contents (Page 4)MSDN Magazine - October 2008 - Contents (Page 5)MSDN Magazine - October 2008 - Contents (Page 6)MSDN Magazine - October 2008 - Contents (Page 7)MSDN Magazine - October 2008 - Contents (Page 8)MSDN Magazine - October 2008 - Contents (Page 9)MSDN Magazine - October 2008 - Contents (Page 10)MSDN Magazine - October 2008 - Toolbox (Page 11)MSDN Magazine - October 2008 - Toolbox (Page 12)MSDN Magazine - October 2008 - Toolbox (Page 13)MSDN Magazine - October 2008 - Toolbox (Page 14)MSDN Magazine - October 2008 - Toolbox (Page 15)MSDN Magazine - October 2008 - Toolbox (Page 16)MSDN Magazine - October 2008 - CLR Inside Out (Page 17)MSDN Magazine - October 2008 - CLR Inside Out (Page 18)MSDN Magazine - October 2008 - CLR Inside Out (Page 19)MSDN Magazine - October 2008 - CLR Inside Out (Page 20)MSDN Magazine - October 2008 - CLR Inside Out (Page 21)MSDN Magazine - October 2008 - CLR Inside Out (Page 22)MSDN Magazine - October 2008 - Basic Instincts (Page 23)MSDN Magazine - October 2008 - Basic Instincts (Page 24)MSDN Magazine - October 2008 - Basic Instincts (Page 25)MSDN Magazine - October 2008 - Basic Instincts (Page 26)MSDN Magazine - October 2008 - Basic Instincts (Page 27)MSDN Magazine - October 2008 - Basic Instincts (Page 28)MSDN Magazine - October 2008 - Basic Instincts (Page 29)MSDN Magazine - October 2008 - Basic Instincts (Page 30)MSDN Magazine - October 2008 - Basic Instincts (Page 31)MSDN Magazine - October 2008 - Basic Instincts (Page 32)MSDN Magazine - October 2008 - Cutting Edge (Page 33)MSDN Magazine - October 2008 - Cutting Edge (Page 34)MSDN Magazine - October 2008 - Cutting Edge (Page 35)MSDN Magazine - October 2008 - Cutting Edge (Page 36)MSDN Magazine - October 2008 - Cutting Edge (Page 37)MSDN Magazine - October 2008 - Cutting Edge (Page 38)MSDN Magazine - October 2008 - Cutting Edge (Page 39)MSDN Magazine - October 2008 - Cutting Edge (Page 40)MSDN Magazine - October 2008 - Cutting Edge (Page 41)MSDN Magazine - October 2008 - Cutting Edge (Page 42)MSDN Magazine - October 2008 - Patterns In Practice (Page 43)MSDN Magazine - October 2008 - Patterns In Practice (Page 44)MSDN Magazine - October 2008 - Patterns In Practice (Page 45)MSDN Magazine - October 2008 - Patterns In Practice (Page 46)MSDN Magazine - October 2008 - Patterns In Practice (Page 47)MSDN Magazine - October 2008 - Patterns In Practice (Page 48)MSDN Magazine - October 2008 - Patterns In Practice (Page 49)MSDN Magazine - October 2008 - Patterns In Practice (Page 50)MSDN Magazine - October 2008 - Patterns In Practice (Page 51)MSDN Magazine - October 2008 - Patterns In Practice (Page 52)MSDN Magazine - October 2008 - Patterns In Practice (Page 53)MSDN Magazine - October 2008 - Patterns In Practice (Page 54)MSDN Magazine - October 2008 - Patterns In Practice (Page 55)MSDN Magazine - October 2008 - Patterns In Practice (Page 56)MSDN Magazine - October 2008 - Patterns In Practice (Page 57)MSDN Magazine - October 2008 - Patterns In Practice (Page 58)MSDN Magazine - October 2008 - Patterns In Practice (Page 59)MSDN Magazine - October 2008 - Patterns In Practice (Page 60)MSDN Magazine - October 2008 - Patterns In Practice (Page 61)MSDN Magazine - October 2008 - Patterns In Practice (Page 62)MSDN Magazine - October 2008 - Patterns In Practice (Page 63)MSDN Magazine - October 2008 - Patterns In Practice (Page 64)MSDN Magazine - October 2008 - Service Station (Page 65)MSDN Magazine - October 2008 - Service Station (Page 66)MSDN Magazine - October 2008 - Service Station (Page 67)MSDN Magazine - October 2008 - Service Station (Page 68)MSDN Magazine - October 2008 - Service Station (Page 69)MSDN Magazine - October 2008 - Service Station (Page 70)MSDN Magazine - October 2008 - Service Station (Page 71)MSDN Magazine - October 2008 - Service Station (Page 72)MSDN Magazine - October 2008 - Service Station (Page 73)MSDN Magazine - October 2008 - Paradigm Shift (Page 74)MSDN Magazine - October 2008 - Paradigm Shift (Page 75)MSDN Magazine - October 2008 - Paradigm Shift (Page 76)MSDN Magazine - October 2008 - Paradigm Shift (Page 77)MSDN Magazine - October 2008 - Paradigm Shift (Page 78)MSDN Magazine - October 2008 - Paradigm Shift (Page 79)MSDN Magazine - October 2008 - Paradigm Shift (Page 80)MSDN Magazine - October 2008 - Paradigm Shift (Page 81)MSDN Magazine - October 2008 - Paradigm Shift (Page 82)MSDN Magazine - October 2008 - Paradigm Shift (Page 83)MSDN Magazine - October 2008 - Paradigm Shift (Page 84)MSDN Magazine - October 2008 - Paradigm Shift (Page 85)MSDN Magazine - October 2008 - Coding Tools (Page 86)MSDN Magazine - October 2008 - Coding Tools (Page 87)MSDN Magazine - October 2008 - Coding Tools (Page 88)MSDN Magazine - October 2008 - Coding Tools (Page 89)MSDN Magazine - October 2008 - Coding Tools (Page 90)MSDN Magazine - October 2008 - Coding Tools (Page 91)MSDN Magazine - October 2008 - Coding Tools (Page 92)MSDN Magazine - October 2008 - Coding Tools (Page 93)MSDN Magazine - October 2008 - Coding Tools (Page 94)MSDN Magazine - October 2008 - Coding Tools (Page 95)MSDN Magazine - October 2008 - Coding Tools (Page 96)MSDN Magazine - October 2008 - Coding Tools (Page 97)MSDN Magazine - October 2008 - Coding Tools (Page 98)MSDN Magazine - October 2008 - Coding Tools (Page 99)MSDN Magazine - October 2008 - Coding Tools (Page 100)MSDN Magazine - October 2008 - Coding Tools (Page 101)MSDN Magazine - October 2008 - Coding Tools (Page 102)MSDN Magazine - October 2008 - Coding Tools (Page 103)MSDN Magazine - October 2008 - Concurrency Hazards (Page 104)MSDN Magazine - October 2008 - Concurrency Hazards (Page 105)MSDN Magazine - October 2008 - Concurrency Hazards (Page 106)MSDN Magazine - October 2008 - Concurrency Hazards (Page 107)MSDN Magazine - October 2008 - Concurrency Hazards (Page 108)MSDN Magazine - October 2008 - Concurrency Hazards (Page 109)MSDN Magazine - October 2008 - Concurrency Hazards (Page 110)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 111)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 112)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 113)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 114)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 115)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 116)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 117)MSDN Magazine - October 2008 - Asp.net AJAX 4.0 (Page 118)MSDN Magazine - October 2008 - Easy Async (Page 119)MSDN Magazine - October 2008 - Easy Async (Page 120)MSDN Magazine - October 2008 - Easy Async (Page 121)MSDN Magazine - October 2008 - Easy Async (Page 122)MSDN Magazine - October 2008 - Easy Async (Page 123)MSDN Magazine - October 2008 - Easy Async (Page 124)MSDN Magazine - October 2008 - Easy Async (Page 125)MSDN Magazine - October 2008 - Easy Async (Page 126)MSDN Magazine - October 2008 - Easy Async (Page 127)MSDN Magazine - October 2008 - Easy Async (Page 128)MSDN Magazine - October 2008 - Foundations (Page 129)MSDN Magazine - October 2008 - Foundations (Page 130)MSDN Magazine - October 2008 - Foundations (Page 131)MSDN Magazine - October 2008 - Foundations (Page 132)MSDN Magazine - October 2008 - Foundations (Page 133)MSDN Magazine - October 2008 - Foundations (Page 134)MSDN Magazine - October 2008 - Foundations (Page 135)MSDN Magazine - October 2008 - Foundations (Page 136)MSDN Magazine - October 2008 - Foundations (Page 137)MSDN Magazine - October 2008 - Foundations (Page 138)MSDN Magazine - October 2008 - Windows With C++ (Page 139)MSDN Magazine - October 2008 - Windows With C++ (Page 140)MSDN Magazine - October 2008 - Windows With C++ (Page 141)MSDN Magazine - October 2008 - Windows With C++ (Page 142)MSDN Magazine - October 2008 - Windows With C++ (Page 143)MSDN Magazine - October 2008 - Windows With C++ (Page 144)MSDN Magazine - October 2008 - Going Places (Page 145)MSDN Magazine - October 2008 - Going Places (Page 146)MSDN Magazine - October 2008 - Going Places (Page 147)MSDN Magazine - October 2008 - Going Places (Page 148)MSDN Magazine - October 2008 - Going Places (Page 149)MSDN Magazine - October 2008 - Going Places (Page 150)MSDN Magazine - October 2008 - Going Places (Page 151)MSDN Magazine - October 2008 - Going Places (Page 152)MSDN Magazine - October 2008 - .NET Matters (Page 153)MSDN Magazine - October 2008 - .NET Matters (Page 154)MSDN Magazine - October 2008 - .NET Matters (Page 155)MSDN Magazine - October 2008 - .NET Matters (Page 156)MSDN Magazine - October 2008 - .NET Matters (Page 157)MSDN Magazine - October 2008 - .NET Matters (Page 158)MSDN Magazine - October 2008 - .NET Matters (Page 159)MSDN Magazine - October 2008 - { End Bracket } (Page 160)MSDN Magazine - October 2008 - { End Bracket } (Page Cover3)MSDN Magazine - October 2008 - { End Bracket } (Page Cover4)http://www.nxtbook.com/nxtbooks/cmp/msdnmag1109http://www.nxtbook.com/nxtbooks/cmp/msdnmag1009http://www.nxtbook.com/nxtbooks/cmp/msdnmag0909http://www.nxtbook.com/nxtbooks/cmp/msdnmag0809http://www.nxtbook.com/nxtbooks/cmp/msdnmag0709http://www.nxtbook.com/nxtbooks/cmp/msdnmag0609http://www.nxtbook.com/nxtbooks/cmp/msdnmag0509http://www.nxtbook.com/nxtbooks/cmp/msdnmag0409http://www.nxtbook.com/nxtbooks/cmp/msdnmag0309http://www.nxtbook.com/nxtbooks/cmp/msdnmag0209http://www.nxtbook.com/nxtbooks/cmp/msdnmag0109http://www.nxtbook.com/nxtbooks/cmp/msdnmag1208http://www.nxtbook.com/nxtbooks/cmp/msdnmag1108http://www.nxtbook.com/nxtbooks/cmp/msdnmag1008http://www.nxtbook.com/nxtbooks/cmp/msdnmag0908http://www.nxtbook.com/nxtbooks/cmp/msdnmag0808http://www.nxtbook.com/nxtbooks/cmp/msdnmag0708http://www.nxtbook.com/nxtbooks/cmp/msdnmag0608http://www.nxtbook.com/nxtbooks/cmp/msdnmag0408http://www.nxtbook.com/nxtbooks/cmp/msdnmag0308http://www.nxtbook.com/nxtbooks/cmp/msdnmag-launch021508http://www.nxtbook.com/nxtbooks/cmp/msdnmag0208http://www.nxtbook.com/nxtbooks/cmp/msdnmag0108http://www.nxtbook.com/nxtbooks/cmp/msdnmag1207http://www.nxtbookMEDIA.com

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.